PT-2026-6309 · Unknown · Openslides

Sistason

·

Publicado

2026-02-04

·

Atualizado

2026-02-18

·

CVE-2026-25519

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions OpenSlides versions prior to 4.2.29
Description OpenSlides is a web-based presentation and assembly system. Prior to version 4.2.29, a flaw exists in access control for users synchronized via an external IDP, allowing local logins with a trivial password. Specifically, users can log in using the OpenSlides username of a SAML user and any simple password, as the password is valid for all SAML users. This allows unauthorized access to accounts synced through SAML. The vulnerable component involves the local login form and SAML user authentication.
Recommendations Update to version 4.2.29 or later.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2026-25519
GHSA-VV4H-8WFC-PF8C

Produtos afetados

Openslides