277 matches found
Flask-AppBuilder User Enumeration Vulnerability
Flask-AppBuilder is a simple and fast application development framework. A user enumeration vulnerability exists in Flask- appbuilder, which can be exploited by an attacker to allow an unauthenticated user to enumerate existing accounts by timing the server's response time at login...
CVE-2021-29621
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
CVE-2021-29621
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
Authentication flaw
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +113 more potentially affected by CVE-2021-29621 via flask-appbuilder (>=1.10.0 <=3.1.1)
flask-appbuilder PYPI version =1.10.0, =0.1.0rc3, =0.1.0, =2022.9.19, =1.0.7, =0.5.1, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.1.6, =0.0.2, =1.0.0, =1.10.0, =1.10.3, =2.0.1rc2 and more Source cves: CVE-2021-29621 Source advisory: OSV:PYSEC-2021-90...
PYSEC-2021-90
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
PYSEC-2021-90
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
CVE-2021-29621 Observable Response Discrepancy in Flask-AppBuilder
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
CVE-2021-29621
The vulnerability is in Flask-AppBuilder (a Flask-based development framework). A user-enumeration flaw exists in the database authentication flow, where an unauthenticated user can infer existing accounts by measuring login response timing. Affected versions are Flask-AppBuilder
CVE-2021-29621
Removed by vendor...
Flask-AppBuilder安全漏洞
Flask-AppBuilder is a simple and fast application development framework. A user enumeration vulnerability exists in Flask- appbuilder, which can be exploited by an attacker to allow an unauthenticated user to enumerate existing accounts by timing the server's response time at login...
User Enumeration
flaskappbuilder is vulnerable to user enumeration. A remote unauthenticated attacker is able to enumerate existing accounts by observing the response time from the server...
GHSA-434H-P4GX-JM89 Observable Response Discrepancy in Flask-AppBuilder
Impact User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Patches Upgrade to 3.3.0 For more information If you have any questions or commen...
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +113 more potentially affected by CVE-2021-29621 via flask-appbuilder (>=1.10.0 <=3.1.1)
flask-appbuilder PYPI version =1.10.0, =0.1.0rc3, =0.1.0, =2022.9.19, =1.0.7, =0.5.1, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.1.6, =0.0.2, =1.0.0, =1.10.0, =1.10.3, =2.0.1rc2 and more Source cves: CVE-2021-29621 Source advisory: OSV:GHSA-434H-P4GX-JM89...
Observable Response Discrepancy in Flask-AppBuilder
Impact User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Patches Upgrade to 3.3.0 For more information If you have any questions or commen...
PT-2021-18372 · Pypi · Flask-Appbuilder
Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions 3.2.3 and earlier Description: The issue allows a non-authenticated user to enumerate existing accounts by timing the response time from the server when logging in. This is due to user enumeration in database...
appbuilder.vdomobile.com XSS vulnerability
Vulnerable URL: http://appbuilder.vdomobile.com/mobile/?appcode=extremethinglv=%3C/title%3E%3C/script/%22-alert%280%29-%22--%3E%3Cimg/onerror=%27;%20alert%28/OPENBUGBOUNTY/%29;%27src=1%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicl...