flask_appbuilder is vulnerable to user enumeration. A remote unauthenticated attacker is able to enumerate existing accounts by observing the response time from the server.
CPE | Name | Operator | Version |
---|---|---|---|
flask-appbuilder | le | 3.3.0rc1 |
github.com/advisories/GHSA-434h-p4gx-jm89
github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580
github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89
lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0@%3Ccommits.airflow.apache.org%3E
pypi.org/project/Flask-AppBuilder/