CNNVD-202507-1920 Information

Jul 14, 2025 cve

CNNVD ID

CNNVD-202507-1920

CVE-2025-53640

  • CNNVD Published: 2025-07-14

Description (Chinese)

Indico是Indico开源的一个功能丰富的事件管理系统。 Indico 3.3.7之前版本存在安全漏洞,该漏洞源于Flask-Multipass存在用户详细信息泄露。

Description (English)

Indico is a functional, open-source event management system for Indico. The previous version of Indico 3.3.7 had a security loophole, which stemmed from the leaking of detailed user information in Flusk-Multipass.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Indico

Published

2025-07-14

Last Modified

2026-02-24

References

https://github.com/indico/indico/releases/tag/v3.3.7 https://docs.getindico.io/en/stable/config/settings/#ALLOW_PUBLIC_USER_SEARCH https://github.com/indico/indico/security/advisories/GHSA-q28v-664f-q6wj https://docs.getindico.io/en/stable/installation/upgrade https://access.redhat.com/security/cve/cve-2025-53640

Patch

https://github.com/indico/indico/releases

Share on: