Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gitlabHttps://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-FD21AE02D7B236CEAB236DD64E7A45CC
HistoryApr 10, 2023 - 12:00 a.m.

Improper Restriction of Excessive Authentication Attempts

2023-04-1000:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
6
improper restriction
excessive authentication attempts
rate limiting
brute-force
user credentials
flask-appbuilder

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.3%

JSON

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTH_RATE_LIMITED = True, RATELIMIT_ENABLED = True, and setting an AUTH_RATE_LIMIT.

Affected configurations

Vulners
Node
pypiml-scannerRange<4.3.0pypi

Related

nvd 1
ubuntucve 1
prion 1
veracode 1
osv 2
cvelist 1
github 1
debiancve 1
cve 1
nvd
nvd
CVE-2023-29005
2023-04-10 21:15:07
ubuntucve
ubuntucve
CVE-2023-29005
2023-04-10 00:00:00
prion
prion
Design/Logic Flaw
2023-04-10 21:15:00
veracode
veracode
Brute Force Attack
2023-04-18 13:56:31
osv
osv
CVE-2023-29005
2023-04-10 21:15:07
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
2023-04-10 16:37:40
cvelist
cvelist
CVE-2023-29005 No Rate Limiting on Login AUTH DB
2023-04-10 20:47:17
github
github
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
2023-04-10 16:37:40
debiancve
debiancve
CVE-2023-29005
2023-04-10 21:15:07
cve
cve
CVE-2023-29005
2023-04-10 21:15:07

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.3%

JSON
Related for GITLAB-FD21AE02D7B236CEAB236DD64E7A45CC
nvd1ubuntucve1prion1veracode1osv2cvelist1github1debiancve1cve1