Lucene search
HistoryApr 10, 2023 - 9:15 p.m.
CVE-2023-29005
flask-appbuilder
rate limiting
brute-force
user credentials
security vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
52.3%
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTH_RATE_LIMITED = True, RATELIMIT_ENABLED = True, and setting an AUTH_RATE_LIMIT.
Affected configurations
Node
flask-appbuilder_projectflask-appbuilderRange<4.3.0
Related
gitlab
gitlab
Improper Restriction of Excessive Authentication Attempts
2023-04-10 00:00:00
ubuntucve
ubuntucve
CVE-2023-29005
2023-04-10 00:00:00
prion
prion
Design/Logic Flaw
2023-04-10 21:15:00
veracode
veracode
Brute Force Attack
2023-04-18 13:56:31
osv
osv
CVE-2023-29005
2023-04-10 21:15:07
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
2023-04-10 16:37:40
cvelist
cvelist
CVE-2023-29005 No Rate Limiting on Login AUTH DB
2023-04-10 20:47:17
github
github
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
2023-04-10 16:37:40
debiancve
debiancve
CVE-2023-29005
2023-04-10 21:15:07
cve
cve
CVE-2023-29005
2023-04-10 21:15:07
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
52.3%
Related for NVD:CVE-2023-29005