CVE-2024-25128

2024-02-2901:44:14

CWE-287

[email protected]

web.nvd.nist.gov

flask-appbuilder

auth_type

auth_oid

vulnerability

openid

http request

unauthorized access

privilege escalation

nvd

cve-2024-25128

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 authorization protocol. Upgrade to Flask-AppBuilder 4.3.11 to fix the vulnerability.

Affected configurations

Vulners

Node

dpgasparflask_appbuilderRange<4.3.11

CNA Affected

[
  {
    "vendor": "dpgaspar",
    "product": "Flask-AppBuilder",
    "versions": [
      {
        "version": "< 4.3.11",
        "status": "affected"
      }
    ]
  }
]