Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.
References
Configurations
History
21 Nov 2024, 06:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580 - Patch, Third Party Advisory | |
References | () https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89 - Third Party Advisory | |
References | () https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5%40%3Cannounce.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0%40%3Ccommits.airflow.apache.org%3E - | |
References | () https://pypi.org/project/Flask-AppBuilder/ - Product, Third Party Advisory |
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-06-07 19:15
Updated : 2024-11-21 06:01
NVD link : CVE-2021-29621
Mitre link : CVE-2021-29621
CVE.ORG link : CVE-2021-29621
JSON object : View
Products Affected
flask-appbuilder_project
- flask-appbuilder
apache
- airflow
CWE
CWE-203
Observable Discrepancy