2 matches found
CVE-2024-25128 Flask-AppBuilder incorrect authentication when using auth type OpenID
Flask-AppBuilder is an application development framework built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...
PT-2024-20767 · Pypi · Flask-Appbuilder
Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions prior to 4.3.11 Description: The issue allows an attacker to forge an HTTP request, deceiving the backend into using any requested OpenID service when Flask-AppBuilder is set to AUTH_TYPE AUTH_OID. This could grant a...