Lucene search
+L

216 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2024/02/28 12:0 a.m.84 views

Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID

Impact When Flask-AppBuilder is set to AUTHTYPE AUTHOID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the...

9.1CVSS6.7AI score0.00857EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/06/22 11:15 p.m.37 views

CVE-2023-34110

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

2.7CVSS3.3AI score0.00676EPSS
Exploits0References4
Prion
Prion
added 2023/06/22 11:15 p.m.12 views

Design/Logic Flaw

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

3.3CVSS3.4AI score0.00676EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2023/06/22 11:15 p.m.21 views

CVE-2023-34110

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

2.7CVSS5.9AI score0.00676EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2023/06/22 11:15 p.m.4 views

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.11.0rc1) +150 more potentially affected by CVE-2023-34110 via flask-appbuilder (>=1.10.0 <=4.3.11)

flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.1, =0.2.9b1, =1.0.7, =0.5.1, =0.2.0, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.0.11 and more Source cves: CVE-2023-34110 Source advisory: OSV:PYSEC-2023-94...

2.7CVSS5.8AI score0.00676EPSS
Exploits0
OSV
OSV
added 2023/06/22 11:15 p.m.4 views

PYSEC-2023-94

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

2.7CVSS5.8AI score0.00676EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/22 10:34 p.m.11 views

CVE-2023-34110 Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

2.7CVSS6.4AI score0.00676EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/06/22 10:34 p.m.41 views

CVE-2023-34110 Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

2.7CVSS3.7AI score0.00676EPSS
Exploits0References4
CVE
CVE
added 2023/06/22 10:34 p.m.64 views

CVE-2023-34110

Flask-AppBuilder (the Flask-based application framework) is affected by CVE-2023-34110. An authenticated admin could trigger a database error by entering a special character on the Add/Edit User form, with certain database engines potentially exposing the entire user row, including the pbkdf2:sha...

2.7CVSS3.1AI score0.00676EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/06/22 10:34 p.m.31 views

CVE-2023-34110 Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

2.7CVSS4AI score0.00676EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2023/06/22 10:34 p.m.74 views

CVE-2023-34110

Removed by vendor...

2.7CVSS4.1AI score0.00676EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/06/22 7:59 p.m.5 views

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.11.0rc1) +150 more potentially affected by CVE-2023-34110 via flask-appbuilder (>=1.10.0 <=4.3.11)

flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.1, =0.2.9b1, =1.0.7, =0.5.1, =0.2.0, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.0.11 and more Source cves: CVE-2023-34110 Source advisory: OSV:GHSA-JHPR-J7CQ-3JP3...

2.7CVSS5.8AI score0.00676EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/06/22 7:59 p.m.30 views

Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error

Impact An authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the...

2.7CVSS6.7AI score0.00676EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2023/06/22 12:0 a.m.6 views

Flask-AppBuilder 安全漏洞

Flask-AppBuilder is a simple and fast application development framework. A security vulnerability exists in Flask-AppBuilder versions prior to 4.3.2, which can be exploited by an attacker to trigger a database error by adding special characters to the Add, Edit user form...

2.7CVSS4.9AI score0.00676EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/06/22 12:0 a.m.7 views

PT-2023-24682

Name of the Vulnerable Software and Affected Versions Flask-AppBuilder versions prior to 4.3.2 Description An authenticated malicious actor with Admin privileges could trigger a database error by adding a special character on the add or edit User forms. This error can be surfaced back to the acto...

5.1CVSS4.7AI score0.00676EPSS
Exploits0References14
GitLab Advisory Database
GitLab Advisory Database
added 2023/06/22 12:0 a.m.93 views

Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error

An authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256...

2.7CVSS3.2AI score0.00676EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2023/04/10 9:15 p.m.27 views

CVE-2023-29005

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTHRATELIMITED = True, RATELIMITENABLED = True, and setting an AUTHRATELIMIT...

7.5CVSS7.4AI score0.00629EPSS
Exploits0References2
Prion
Prion
added 2023/04/10 9:15 p.m.15 views

Design/Logic Flaw

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTHRATELIMITED = True, RATELIMITENABLED = True, and setting an AUTHRATELIMIT...

5CVSS7.4AI score0.00629EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/04/10 9:15 p.m.14 views

CVE-2023-29005

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTHRATELIMITED = True, RATELIMITENABLED = True, and setting an AUTHRATELIMIT...

7.5CVSS7.1AI score0.00629EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/04/10 8:47 p.m.50 views

CVE-2023-29005 No Rate Limiting on Login AUTH DB

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTHRATELIMITED = True, RATELIMITENABLED = True, and setting an AUTHRATELIMIT...

7.5CVSS7.6AI score0.00629EPSS
Exploits0References2
Rows per page
Query Builder