CVSS3: 2.7 Low

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.001 Low (Percentile: 38.0%)

flask_appbuilder is vulnerable to information disclosure. The vulnerability exists in the CRUD operator functions in interface.py: log messages are not properly sanitized during database errors, allowing an authenticated admin attacker to gain access to sensitive user information such as hashed passwords.
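
The following is an added illustration of this class of leak and one way to contain it at the logging layer; it is not flask_appbuilder's code or its fix. The error text is a constructed sample laid out the way SQLAlchemy renders database errors (an assumption about the underlying ORM), and `RedactDbParameters`, `log_db_error`, the `ab_user` row and the hash value are hypothetical.

```python
import logging
import re

# Constructed sample in the layout SQLAlchemy uses for database errors: the
# failing statement plus its bound parameters. Table, user and hash are made up.
SAMPLE_DB_ERROR = (
    "(sqlite3.IntegrityError) UNIQUE constraint failed: ab_user.username\n"
    "[SQL: INSERT INTO ab_user (username, password) VALUES (?, ?)]\n"
    "[parameters: ('alice', 'pbkdf2:sha256:EXAMPLE$salt$0123abcd')]"
)
# Bound-parameter section, up to the bracket that closes it at a line end.
_PARAMS = re.compile(r"\[parameters: .*?\]\s*$", re.DOTALL | re.MULTILINE)


class RedactDbParameters(logging.Filter):
    """Hypothetical filter: drop bound parameters before a record is emitted."""

    def filter(self, record):
        # Render first so values passed as %-style arguments are covered too.
        record.msg = _PARAMS.sub("[parameters: <redacted>]", record.getMessage())
        record.args = None
        if record.exc_info and record.exc_info[0]:
            # The formatted traceback would repeat str(exc), parameters included.
            record.msg += f" ({record.exc_info[0].__name__}, traceback suppressed)"
            record.exc_info = record.exc_text = None
        return True


class _Capture(logging.Handler):  # collects formatted output for comparison
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def log_db_error(redact):
    """Log the sample error from an except block; return what the handler wrote."""
    handler = _Capture()
    if redact:
        handler.addFilter(RedactDbParameters())
    log = logging.getLogger(f"demo.redact.{redact}")
    log.propagate, log.handlers = False, [handler]
    try:
        raise RuntimeError(SAMPLE_DB_ERROR)  # stand-in for the ORM exception
    except RuntimeError as exc:
        log.exception("Database error: %s", exc)
    return handler.lines[0]
```

`log_db_error(False)` returns output carrying the hash in both the message and the traceback, while `log_db_error(True)` keeps the statement and error type but not the values. Where SQLAlchemy is the ORM, `create_engine(..., hide_parameters=True)` removes the parameters from error text at the source.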
Name | Operator | Version |
---|---|---|
flask-appbuilder | le | 4.3.2rc2 |