9 matches found
Improper Access Control
flaskappbuilder is vulnerable to improper access control. The vulnerability is due to the password reset endpoint remaining accessible when using OAuth, LDAP, or other non-database authentication methods, which allows an attacker to reset passwords and create valid JWT tokens even for disabled us...
CVE-2025-58065
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...
CVE-2025-58065
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...
CVE-2025-58065 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...
CVE-2025-58065 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...
CVE-2025-58065 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Impact When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create...
Flask App Builder 授权问题漏洞
Flask App Builder is a simple and fast application development framework by Daniel Vaz Gaspar Personal Developer. An authorization issue vulnerability exists in Flask App Builder versions prior to 4.8.1, which stems from not disabling the password reset feature when using a non-database...
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create JWT...