View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-1000433 severity important: SUSE including 24 source package names (caasp-openstack-heat-templates-1.0+git.1553079189.3bf8922-1.6.2, crowbar-4.0+git.1551088848.823bcaa3-7.29.2, …), 32 product×package rows across 8 product lines (HPE Helion OpenStack 8, HPE Helion OpenStack Cloud 8, … (8 product lines)): Fixed 26, Known Not Affected 6.
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.