CNNVD-202602-557 Information

CNNVD ID

CNNVD-202602-557

CVE-2026-25519

  • CNNVD Published: 2026-02-04

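Description (translated from Chinese)

OpenSlides is a free, web-based presentation and assembly system, open-sourced by OpenSlides, used to manage and project the agendas, motions and elections of an assembly. OpenSlides versions before 4.2.29 contain an access control error vulnerability. It stems from improper access control on local login for users synchronized from an external IDP, and may allow a successful login with a simple password.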

Description (English)

OpenSlides is a free, web-based presentation and assembly system developed as open source by OpenSlides. It is used to manage and project the agendas, motions and elections of assemblies. OpenSlides versions before 4.2.29 have an access control flaw: local login is not properly restricted for users synchronized from an external IDP, which could allow a successful login using a simple password.

Hazard Level

High

Vulnerability Type

Access control error

Affected Vendor

OpenSlides

Published

2026-02-04

Last Modified

2026-02-24

References

  • https://github.com/OpenSlides/OpenSlides/releases/tag/4.2.29
  • https://github.com/OpenSlides/OpenSlides/security/advisories/GHSA-vv4h-8wfc-pf8c
  • https://github.com/OpenSlides/openslides-auth-service/commit/70c1aa9f5e1db59ec120ecce98d1c1169350a4ee
  • https://github.com/OpenSlides/openslides-auth-service/pull/889

Patch

https://github.com/OpenSlides/OpenSlides/releases
