6 matches found
Authentication Bypass
flaskappbuilder is vulnerable to Authentication Bypass. The vulnerability is due to the manipulation of authentication requests to deceive the backend into utilizing any specified OpenID service, which allows an attacker to forge an HTTP request to gain unauthorized privileged access. Note that...
Information Disclosure
flaskappbuilder is vulnerable to Information Disclosure. The vulnerability exists in the CRUD operator functions in interface.py due to log messages which are not properly sanitized during database errors, allowing an admin-authenticated attacker to gain access to sensitive user information such ...
Brute Force Attack
flaskappbuilder is vulnerable to Brute Force Attacks. The vulnerability exists due to a lack of rate limiting which allows an attacker to brute force the user credentials and perform unauthorized actions...
Open Redirect
flaskappbuilder is vulnerable to open redirect. The library doesn't properly validate the next URL logic for OAuth, OID and DB in the database authentication login page, which allows an attacker to inject a malicious URL into the system...
Authentication Bypass
flaskappbuilder is vulnerable to authentication bypass. The vulnerability exists in the login function of api.py because login requests are not properly validated, which allows a malicious attacker to send a crafted request and gain access to the API endpoints...
Insecure Redirect
flaskappbuilder is vulnerable to insecure redirect. Insecure handling of the URL on OAuth allows an attacker to share a malicious URL that redirects a user to a malicious site...