6 matches found
CVE-2022-31177
Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The...
acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.9.2.1rc2), aglow (>=0.1.0rc3 <=0.1.0rc4) +130 more potentially affected by CVE-2022-31177 via flask-appbuilder (>=1.10.0 <=4.1.2)
flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =0.1.0rc3, =0.1.0, =2022.9.19, =1.0.7, =0.5.1, =0.2.0, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.0.3, =0.0.6, =0.0.1, =0.0.3 and more Source cves: CVE-2022-31177 Source advisory: OSV:PYSEC-2022-247...
CVE-2022-31177
CVE-2022-31177 affects Flask-AppBuilder versions prior to 4.1.3. An authenticated Admin could query other users by their salted and hashed password strings using partial hashed password strings. The server would not return full hashes, but an attacker could infer partial password hashes and their...
CVE-2022-31177 Possible to infer sensitive information through query strings in Flask-AppBuilder
Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The...
CVE-2022-31177
Removed by vendor...
Duplicate
This advisory duplicates another...