Lucene search
K

277 matches found

CNVD
CNVD
added 2021/06/09 12:0 a.m.6 views

Flask-AppBuilder User Enumeration Vulnerability

Flask-AppBuilder is a simple and fast application development framework. A user enumeration vulnerability exists in Flask- appbuilder, which can be exploited by an attacker to allow an unauthenticated user to enumerate existing accounts by timing the server's response time at login...

5.3CVSS6.6AI score0.03404EPSS
Exploits0References1
NVD
NVD
added 2021/06/07 7:15 p.m.46 views

CVE-2021-29621

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...

5.3CVSS0.03404EPSS
Exploits0References6
OSV
OSV
added 2021/06/07 7:15 p.m.20 views

CVE-2021-29621

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...

5.3CVSS5.3AI score
Exploits0References6
Prion
Prion
added 2021/06/07 7:15 p.m.16 views

Authentication flaw

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...

5CVSS5.2AI score0.03404EPSS
Exploits0References6Affected Software2
vulnersOsv
vulnersOsv
added 2021/06/07 7:15 p.m.5 views

aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +113 more potentially affected by CVE-2021-29621 via flask-appbuilder (>=1.10.0 <=3.1.1)

flask-appbuilder PYPI version =1.10.0, =0.1.0rc3, =0.1.0, =2022.9.19, =1.0.7, =0.5.1, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.1.6, =0.0.2, =1.0.0, =1.10.0, =1.10.3, =2.0.1rc2 and more Source cves: CVE-2021-29621 Source advisory: OSV:PYSEC-2021-90...

5.3CVSS6AI score0.03404EPSS
Exploits0
PyPA
PyPA
added 2021/06/07 7:15 p.m.7 views

PYSEC-2021-90

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...

5.3CVSS6.9AI score0.03404EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/06/07 7:15 p.m.21 views

PYSEC-2021-90

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...

5.3CVSS3.3AI score0.03404EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/06/07 7:0 p.m.48 views

CVE-2021-29621 Observable Response Discrepancy in Flask-AppBuilder

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...

5.3CVSS5.6AI score0.03404EPSS
Exploits0References6
CVE
CVE
added 2021/06/07 7:0 p.m.129 views

CVE-2021-29621

The vulnerability is in Flask-AppBuilder (a Flask-based development framework). A user-enumeration flaw exists in the database authentication flow, where an unauthenticated user can infer existing accounts by measuring login response timing. Affected versions are Flask-AppBuilder

5.3CVSS5.2AI score0.03404EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2021/06/07 7:0 p.m.21 views

CVE-2021-29621

Removed by vendor...

5.3CVSS5.4AI score0.03404EPSS
Exploits0
CNNVD
CNNVD
added 2021/06/07 12:0 a.m.8 views

Flask-AppBuilder安全漏洞

Flask-AppBuilder is a simple and fast application development framework. A user enumeration vulnerability exists in Flask- appbuilder, which can be exploited by an attacker to allow an unauthenticated user to enumerate existing accounts by timing the server's response time at login...

5.3CVSS5.6AI score0.03404EPSS
Exploits0References6
Veracode
Veracode
added 2021/05/28 4:20 a.m.22 views

User Enumeration

flaskappbuilder is vulnerable to user enumeration. A remote unauthenticated attacker is able to enumerate existing accounts by observing the response time from the server...

5.3CVSS3.6AI score0.03404EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2021/05/27 6:38 p.m.23 views

GHSA-434H-P4GX-JM89 Observable Response Discrepancy in Flask-AppBuilder

Impact User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Patches Upgrade to 3.3.0 For more information If you have any questions or commen...

6.9CVSS5AI score0.03404EPSS
Exploits0References12
vulnersOsv
vulnersOsv
added 2021/05/27 6:38 p.m.4 views

aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +113 more potentially affected by CVE-2021-29621 via flask-appbuilder (>=1.10.0 <=3.1.1)

flask-appbuilder PYPI version =1.10.0, =0.1.0rc3, =0.1.0, =2022.9.19, =1.0.7, =0.5.1, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.1.6, =0.0.2, =1.0.0, =1.10.0, =1.10.3, =2.0.1rc2 and more Source cves: CVE-2021-29621 Source advisory: OSV:GHSA-434H-P4GX-JM89...

5.3CVSS6AI score0.03404EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/05/27 6:38 p.m.67 views

Observable Response Discrepancy in Flask-AppBuilder

Impact User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Patches Upgrade to 3.3.0 For more information If you have any questions or commen...

5.3CVSS5AI score0.03404EPSS
Exploits0References12Affected Software1
Positive Technologies
Positive Technologies
added 2021/05/27 12:0 a.m.10 views

PT-2021-18372 · Pypi · Flask-Appbuilder

Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions 3.2.3 and earlier Description: The issue allows a non-authenticated user to enumerate existing accounts by timing the response time from the server when logging in. This is due to user enumeration in database...

6.9CVSS5.1AI score0.03404EPSS
Exploits0References16
Openbugbounty
Openbugbounty
added 2017/08/29 2:34 p.m.7 views

appbuilder.vdomobile.com XSS vulnerability

Vulnerable URL: http://appbuilder.vdomobile.com/mobile/?appcode=extremethinglv=%3C/title%3E%3C/script/%22-alert%280%29-%22--%3E%3Cimg/onerror=%27;%20alert%28/OPENBUGBOUNTY/%29;%27src=1%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicl...

6.3AI score
Exploits0
Rows per page
Query Builder