Lucene search
Veracode Vulnerability DatabaseVERACODE:36544HistoryAug 01, 2022 - 4:21 a.m.
Information Disclosure
2022-08-0104:21:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
flask-appbuilder
information disclosure
http response
hashed passwords
attackers
query strings
0.001 Low
EPSS
Percentile
19.4%
Flask-AppBuilder is vulnerable to information disclosure. The vulnerability exists due to the HTTP response indicating the hashed passwords insecurely, allowing attackers to infer the partial password hashes through the malicious query strings.
| CPE | Name | Operator | Version |
|---|---|---|---|
| flask-appbuilder | le | 4.1.3rc1 | |
| flask-appbuilder | le | 4.1.3rc1 |
References
github.com/advisories/GHSA-32ff-4g79-vgfc
github.com/dpgaspar/Flask-AppBuilder/commit/449afe47b17298b57272762332f9c96ea6af0449
github.com/dpgaspar/Flask-AppBuilder/pull/1881
github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3
github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc
Related
osv
osv
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
2022-07-29 22:28:12
PYSEC-2022-247
2022-08-01 19:15:00
CVE-2022-31177
2022-08-01 19:15:08
gitlab
gitlab
Use of Password Hash With Insufficient Computational Effort
2022-08-01 00:00:00
Duplicate of ./pypi/Flask-AppBuilder/CVE-2022-31177.yml
2022-07-29 00:00:00
cve
cve
CVE-2022-31177
2022-08-01 19:15:08
ubuntucve
ubuntucve
CVE-2022-31177
2022-08-01 00:00:00
github
github
cvelist
cvelist
nvd
nvd
CVE-2022-31177
2022-08-01 19:15:08
debiancve
debiancve
CVE-2022-31177
2022-08-01 19:15:08
prion
prion
Design/Logic Flaw
2022-08-01 19:15:00