Lucene search
K

4 matches found

Veracode
Veracode
added 2024/09/05 6:13 a.m.9 views

Sensitive Data Exposure

Flask-AppBuilder is vulnerable to Sensitive Data Exposure. The vulnerability is due to insecure cache directives for the auth DB login form, which allows browsers to locally store sensitive data...

5.5CVSS5.3AI score0.00262EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/09/04 12:0 a.m.15 views

Flask-AppBuilder's login form allows browser to cache sensitive fields

Auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources...

5.5CVSS6.6AI score0.00262EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/04/10 8:47 p.m.35 views

CVE-2023-29005 No Rate Limiting on Login AUTH DB

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTHRATELIMITED = True, RATELIMITENABLED = True, and setting an AUTHRATELIMIT...

7.5CVSS7.6AI score0.00629EPSS
Exploits0References2
OSV
OSV
added 2023/04/10 4:37 p.m.28 views

GHSA-9HCR-9HCV-X6PV Flask-AppBuilder Has No Rate Limiting on Login AUTH DB

Impact Lack of rate limiting will allow an attacker to brute-force user credentials. Patches Ability to enable rate limiting on Flask-AppBuilder = 4.3.0. Use AUTHRATELIMITED = True and RATELIMITENABLED = True set the limit itself by using AUTHRATELIMIT. Will apply only to database authentication...

7.5CVSS7.4AI score0.00629EPSS
Exploits0References6
Rows per page
Query Builder