2 matches found
Missing Authentication for Critical Function
Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the event series management API endpoint. An attacker can retrieve event metadata, delete, or modify event...
CVE-2026-28352 Indico missing access check in event series management API
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...