Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the default cache directives of the auth DB login form allow the browser to store sensitive data locally. This can be an issue in environments that use shared computer resources. Version 4.5.1 contains a patch for this issue. If upgrading is not possible, configure the web server to send the specific HTTP headers for `/login` per the directions provided in the GitHub Security Advisory.
Advisories

| Source | ID | Title |
|---|---|---|
| EUVD | EUVD-2024-2784 | Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the default cache directives of the auth DB login form allow the browser to store sensitive data locally. This can be an issue in environments that use shared computer resources. Version 4.5.1 contains a patch for this issue. If upgrading is not possible, configure the web server to send the specific HTTP headers for `/login` per the directions provided in the GitHub Security Advisory. |
| Github GHSA | GHSA-fw5r-6m3x-rh7p | Flask-AppBuilder's login form allows browser to cache sensitive fields |

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 15 Oct 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Dpgaspar flask-appbuilder
CPEs cpe:2.3:a:dpgaspar:flask_app_builder:*:*:*:*:*:*:*:* cpe:2.3:a:dpgaspar:flask-appbuilder:*:*:*:*:*:*:*:*
Vendors & Products Dpgaspar flask App Builder
Dpgaspar flask-appbuilder

Thu, 12 Sep 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Dpgaspar
Dpgaspar flask App Builder
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:dpgaspar:flask_app_builder:*:*:*:*:*:*:*:*
Vendors & Products Dpgaspar
Dpgaspar flask App Builder

Wed, 04 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Sep 2024 16:15:00 +0000

Type Values Removed Values Added
Description Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the default cache directives of the auth DB login form allow the browser to store sensitive data locally. This can be an issue in environments that use shared computer resources. Version 4.5.1 contains a patch for this issue. If upgrading is not possible, configure the web server to send the specific HTTP headers for `/login` per the directions provided in the GitHub Security Advisory.
Title Flask-AppBuilder login form allows browser to cache sensitive fields
Weaknesses CWE-525
References
Metrics cvssV3_1

{'score': 3.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-09-04T17:43:05.895Z

Reserved: 2024-08-26T18:25:35.444Z

Link: CVE-2024-45314

Vulnrichment

Updated: 2024-09-04T17:42:26.850Z

NVD

Status: Analyzed

Published: 2024-09-04T16:15:08.833

Modified: 2025-10-15T13:14:02.917

Link: CVE-2024-45314

Redhat

No data.

OpenCVE Enrichment

No data.