Description
Flask-AppBuilder is a development framework built on top of Flask. Flask-AppBuilder <= 3.2.3 is affected by user enumeration in database authentication: an unauthenticated user can enumerate existing accounts by timing the server's response to login attempts. Upgrade to version 3.3.0 or higher to resolve.
No analysis available yet.
Remediation
No remediation available yet.
Advisories
| Source | ID | Title |
|---|---|---|
| EUVD | EUVD-2021-0083 | Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve. |
| Github GHSA | GHSA-434h-p4gx-jm89 | Observable Response Discrepancy in Flask-AppBuilder |
References
History
Fri, 07 Mar 2025 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Dpgaspar, Dpgaspar flask-appbuilder | |
| CPEs | cpe:2.3:a:dpgaspar:flask-appbuilder:*:*:*:*:*:*:*:* | |
| Vendors & Products | Flask-appbuilder Project, Flask-appbuilder Project flask-appbuilder | Dpgaspar, Dpgaspar flask-appbuilder |
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-03T22:11:06.246Z
Reserved: 2021-03-30T00:00:00.000Z
Link: CVE-2021-29621
No data.
Status: Modified
Published: 2021-06-07T19:15:07.600
Modified: 2025-03-07T14:37:51.330
Link: CVE-2021-29621
No data.
OpenCVE Enrichment
No data.