CVSS3: 9.1 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
AI Score: 7.5 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.0%)
flask_appbuilder is vulnerable to Authentication Bypass. An attacker can manipulate authentication requests so that the backend uses any OpenID service the attacker specifies, which allows a forged HTTP request to gain unauthorized privileged access. Note that this vulnerability is only exploitable if AUTH_TYPE is set to AUTH_OID.
Name | Operator | Version |
---|---|---|
flask-appbuilder | le | 4.3.11rc1 |
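An exposure check built from the two conditions above (affected version range and AUTH_TYPE set to AUTH_OID), added here as an example and not taken from the advisory or the Flask-AppBuilder project. The function names and sample configs are constructed for illustration; it assumes the config is a Python module with a top-level AUTH_TYPE assignment and that AUTH_OID has the value 0 in flask_appbuilder.const.

```python
import ast
import re

LAST_AFFECTED = "4.3.11rc1"  # from the advisory's table: versions <= 4.3.11rc1
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}

def version_key(version):
    """Sort key for the PEP 440 subset N.N.N[a|b|rc N]; finals sort after pre-releases."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * max(0, 4 - len(release))  # pad so 4.3 compares equal to 4.3.0
    pre = (_PRE_RANK[m.group(2)], int(m.group(3))) if m.group(2) else (3, 0)
    return release, pre

def auth_type_is_oid(config_source):
    """True if the last top-level AUTH_TYPE assignment is AUTH_OID (or the literal 0)."""
    is_oid = False
    for node in ast.parse(config_source).body:  # parsed only, never executed
        if isinstance(node, ast.Assign) and any(
            isinstance(t, ast.Name) and t.id == "AUTH_TYPE" for t in node.targets
        ):
            val = node.value
            # Matches both `AUTH_OID` and `const.AUTH_OID`.
            by_name = "AUTH_OID" in (getattr(val, "id", None), getattr(val, "attr", None))
            # Assumption: AUTH_OID == 0 in flask_appbuilder.const.
            by_value = (isinstance(val, ast.Constant)
                        and type(val.value) is int and val.value == 0)
            is_oid = by_name or by_value
    return is_oid

def is_exposed(installed_version, config_source):
    """Both conditions from the advisory: affected range AND AUTH_TYPE = AUTH_OID."""
    in_range = version_key(installed_version) <= version_key(LAST_AFFECTED)
    return in_range and auth_type_is_oid(config_source)

# Constructed sample configs (not from the advisory).
OID_CONFIG = "from flask_appbuilder.const import AUTH_OID\nAUTH_TYPE = AUTH_OID\n"
DB_CONFIG = "from flask_appbuilder.const import AUTH_DB\nAUTH_TYPE = AUTH_DB\n"

if __name__ == "__main__":
    for ver, cfg in [("4.3.10", OID_CONFIG), ("4.3.11rc1", OID_CONFIG),
                     ("4.3.11", OID_CONFIG), ("4.3.10", DB_CONFIG)]:
        print(ver, "exposed" if is_exposed(ver, cfg) else "not exposed")
```

The check reads the config as text only; an AUTH_TYPE set through an environment variable or computed at runtime needs to be confirmed against the running application.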
github.com/advisories/GHSA-j2pw-vp55-fqqj
github.com/dpgaspar/Flask-AppBuilder/commit/6336456d83f8f111c842b2b53d1e89627f2502c8
github.com/dpgaspar/Flask-AppBuilder/commit/6336456d83f8f111c842b2b53d1e89627f2502c8#diff-42dfd08d1fbdacf6045623e6c235b26b9070e967f0bc0f5f973a44c72e13dafe
github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-j2pw-vp55-fqqj