Lucene search

K
prionPRIOn knowledge basePRION:CVE-2023-29005
HistoryApr 10, 2023 - 9:15 p.m.

Design/Logic Flaw

2023-04-1021:15:00
PRIOn knowledge base
www.prio-n.com
4
flask-appbuilder
rate limiting
brute-force
user credentials
nvd

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTH_RATE_LIMITED = True, RATELIMIT_ENABLED = True, and setting an AUTH_RATE_LIMIT.

CPENameOperatorVersion
flask-appbuilderlt4.3.0

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%