83 matches found
Open redirect
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known...
CVE-2022-24776
Removed by vendor...
URL Redirection to Untrusted Site ('Open Redirect')
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known...
Flask-AppBuilder Input Validation Error Vulnerability
Flask-AppBuilder is a simple and fast application development framework. An input validation error vulnerability exists in versions of Flask-AppBuilder prior to 3.4.5, which stems from an open redirection vulnerability in versions of Flask-AppBuilder prior to 3.4.5 when using database...
GHSA-WFJW-W6PV-8P7F Observable Response Discrepancy in Flask-AppBuilder
Impact User enumeration in database authentication in Flask-AppBuilder 3.4.4. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Patches Upgrade to 3.4.4 Workarounds References For more information If you have an...
Observable Response Discrepancy in Flask-AppBuilder
Impact User enumeration in database authentication in Flask-AppBuilder 3.4.4. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Patches Upgrade to 3.4.4 Workarounds References For more information If you have an...
CVE-2021-40693
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability...
Authentication flaw
Flask-AppBuilder is a development framework built on top of Flask. Versions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected RE...
Improper Authentication in Flask-AppBuilder
Improper authentication on the REST API. Allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. Only affects non database authentication types, and new REST API endpoints...
PT-2022-11302 · Alt Linux · Alt Linux
Name of the Vulnerable Software and Affected Versions: ALT Linux affected versions not specified Description: An authentication bypass risk was identified due to a type juggling vulnerability in the external database authentication functionality. Recommendations: At the moment, there is no...
Moodle Authorization Issue Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from an authorization issue vulnerability that stems from a type juggling issue in the external database authentication...
CVE-2021-29621
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
CVE-2021-29621
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
PYSEC-2021-90
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
CVE-2021-29621
Removed by vendor...
CVE-2021-29621 Observable Response Discrepancy in Flask-AppBuilder
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
Observable Response Discrepancy in Flask-AppBuilder
Impact User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Patches Upgrade to 3.3.0 For more information If you have any questions or commen...
Observable Response Discrepancy in Flask-AppBuilder
User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in...
CVE-2020-36333
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a resetwizardactions hook...
CVE-2017-1000356
Summary of sources: CVE‑2017‑1000356 affects Jenkins 2.56 and earlier (and 2.46.1 LTS and earlier) with CSRF vulnerabilities in the Jenkins user database authentication realm that could enable an attacker to create accounts or disrupt admin users, potentially enabling broader impacts. Connected a...