Lucene search
Veracode Vulnerability DatabaseVERACODE:40162HistoryApr 18, 2023 - 1:56 p.m.
Brute Force Attack
2023-04-1813:56:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
flask_appbuilder
brute force attacks
rate limiting
user credentials
unauthorized actions
EPSS
0.002
Percentile
52.3%
flask_appbuilder is vulnerable to Brute Force Attacks. The vulnerability exists due to a lack of rate limiting which allows an attacker to brute force the user credentials and perform unauthorized actions.
References
flask-limiter.readthedocs.io/en/stable/configuration.html
github.com/advisories/GHSA-9hcr-9hcv-x6pv
github.com/dpgaspar/Flask-AppBuilder/commit/bef24219dab334f5187b04da733c2db8d33ff437
github.com/dpgaspar/Flask-AppBuilder/pull/1976
github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.0
github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv
Related
gitlab
gitlab
Improper Restriction of Excessive Authentication Attempts
2023-04-10 00:00:00
nvd
nvd
CVE-2023-29005
2023-04-10 21:15:07
ubuntucve
ubuntucve
CVE-2023-29005
2023-04-10 00:00:00
prion
prion
Design/Logic Flaw
2023-04-10 21:15:00
osv
osv
CVE-2023-29005
2023-04-10 21:15:07
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
2023-04-10 16:37:40
cvelist
cvelist
CVE-2023-29005 No Rate Limiting on Login AUTH DB
2023-04-10 20:47:17
github
github
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
2023-04-10 16:37:40
debiancve
debiancve
CVE-2023-29005
2023-04-10 21:15:07
cve
cve
CVE-2023-29005
2023-04-10 21:15:07