CPE Details
Dpgaspar Flask-appbuilder 3.4.3
3.4.3
2025-03-07
13h37 +00:00
13h37 +00:00
2025-03-07
13h37 +00:00
13h37 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:dpgaspar:flask-appbuilder:3.4.3:*:*:*:*:*:*:*
Informations
Vendor
dpgasparProduct
flask-appbuilderVersion
3.4.3Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`. | 7.5 |
Haute |
||
| Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue. | 2.7 |
Bas |
||
| Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds. | 6.1 |
Moyen |
