← Retour aux CVEs
CVE-2025-24023
LOW3.7
Description
Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.
Details CVE
Score CVSS v3.13.7
SeveriteLOW
Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteHIGH
Privileges requisNONE
Interaction utilisateurNONE
Publie3/3/2025
Derniere modification3/7/2025
Sourcenvd
Observations honeypot0
Produits affectes
dpgaspar:flask-appbuilder
Faiblesses (CWE)
CWE-204CWE-203
References
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp(security-advisories@github.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.