CVE-2024-22893 — HIGH (7.5)

Vulnerability Description

OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Openslides	Openslides	4.0.15

Related Weaknesses (CWE)

CWE-269

References

https://gist.github.com/mdickopp/10e4a4ba3d7ded8315a1613ee7f2541eThird Party Advisory

FAQ

What is CVE-2024-22893?

CVE-2024-22893 is a vulnerability with a CVSS score of 7.5 (HIGH). OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing...

How severe is CVE-2024-22893?

CVE-2024-22893 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-22893?

Check the references section above for vendor advisories and patch information. Affected products include: Openslides Openslides.