{"id":"PYSEC-2024-290","details":"OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.","aliases":["CVE-2024-22893"],"modified":"2026-05-21T15:00:25.352989963Z","published":"2024-09-25T15:15:13.520Z","references":[{"type":"ADVISORY","url":"https://gist.github.com/mdickopp/10e4a4ba3d7ded8315a1613ee7f2541e"}],"affected":[{"package":{"name":"openslides","ecosystem":"PyPI","purl":"pkg:pypi/openslides"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"4.0.15"}]}],"versions":["1.3","1.3-rc1","1.3.1","1.4","1.4.1","1.4.2","1.5","1.5.1","1.6","1.6.1","1.7","2.0","2.1","2.1.1","2.1b1","2.1b2","2.1b3","2.1b4","2.2","2.2b1","2.2b2","2.2b3","2.3","2.3b1","3.0","3.1","3.2","3.3"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/openslides/PYSEC-2024-290.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}