4 matches found
Sensitive Data Exposure
Flask-AppBuilder is vulnerable to Sensitive Data Exposure. The vulnerability is due to insecure cache directives for the auth DB login form, which allows browsers to locally store sensitive data...
Flask-AppBuilder's login form allows browser to cache sensitive fields
Auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources...
CVE-2023-29005 No Rate Limiting on Login AUTH DB
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTHRATELIMITED = True, RATELIMITENABLED = True, and setting an AUTHRATELIMIT...
GHSA-9HCR-9HCV-X6PV Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
Impact Lack of rate limiting will allow an attacker to brute-force user credentials. Patches Ability to enable rate limiting on Flask-AppBuilder = 4.3.0. Use AUTHRATELIMITED = True and RATELIMITENABLED = True set the limit itself by using AUTHRATELIMIT. Will apply only to database authentication...