
CVE-2023-34110

Published: 22/06/2023 Updated: 03/07/2023
CVSS v3 Base Score: 2.7 | Impact Score: 1.4 | Exploitability Score: 1.2
VMScore: 0

Vulnerability Summary

Flask-AppBuilder is an application development framework built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could trigger a database error by adding a special character on the add or edit User forms; the error is surfaced back to that actor in the UI. On certain database engines, this error can include the entire user row, including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2.
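The error-handling pattern described above, next to a hardened form, as an added example (not Flask-AppBuilder's code or its actual patch). The handler names, the DatabaseError class, save_user and the sample error text are constructed assumptions; the hash is a placeholder.

```python
import logging
import re
import uuid

log = logging.getLogger("user_forms")

# Matches Werkzeug-style pbkdf2:sha256 password hashes.
HASH_RE = re.compile(r"pbkdf2:sha256(?::\d+)?\$[^\s,)]+")

# Constructed error text imitating an engine that echoes the failing row.
# Table, user and hash values are placeholders.
SAMPLE_DB_ERROR = (
    "constraint failed on table users; failing row contains "
    "(7, alice, alice@example.test, pbkdf2:sha256:260000$SALT$HASHPLACEHOLDER)"
)

class DatabaseError(Exception):
    """Hypothetical stand-in for a driver/ORM exception."""

def save_user(form):
    """Hypothetical persistence call that always fails, for the demo."""
    raise DatabaseError(SAMPLE_DB_ERROR)

def leaks_password_hash(text):
    """True if text shown to a user contains a pbkdf2:sha256 hash."""
    return HASH_RE.search(text) is not None

def redact(text):
    """Replace any embedded hash before the text reaches a log sink."""
    return HASH_RE.sub("[REDACTED-HASH]", text)

def handle_save_leaky(form):
    """Pattern the advisory describes: raw error text goes to the UI."""
    try:
        save_user(form)
    except DatabaseError as exc:
        return {"status": 400, "flash": f"Database error: {exc}"}
    return {"status": 200, "flash": "Saved"}

def handle_save_hardened(form):
    """Generic UI message plus a reference id; detail stays server-side."""
    try:
        save_user(form)
    except DatabaseError as exc:
        ref = uuid.uuid4().hex[:12]
        log.error("user save failed ref=%s detail=%s", ref, redact(str(exc)))
        return {"status": 400, "flash": f"Could not save user (ref {ref})."}
    return {"status": 200, "flash": "Saved"}
```

leaks_password_hash can also serve as a regression check over rendered form responses after upgrading to 4.3.2.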

Vulnerable Product

flask-appbuilder project flask-appbuilder

Vendor Advisories

Debian Bug report logs - #1038948
flask-appbuilder: CVE-2023-34110
Package: src:flask-appbuilder; Maintainer for src:flask-appbuilder is Debian Python Team <team+python@tracker.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>
Date: Fri, 23 Jun 2023 15:06:04 UTC
Severity: important
Tags: security
Re ...