CVE-2024-22893

Improper Privilege Management

Published: Sep 25, 2024 | Modified: Jun 13, 2025
CVSS 3.x: N/A (Source: NVD)

OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name | Vendor | Start Version | End Version
Openslides | Openslides | 4.0.15 (including) | 4.0.15 (including)
