CVE-2021-29621
published 2021-06-07CVE-2021-29621: Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | — | — |
| dpgaspar | flask-appbuilder | < 3.3.0 | 3.3.0 |
| dpgaspar | flask-appbuilder | <= 3.2.3 | — |
| dpgaspar | flask-appbuilder | >= 0 < 3.3.0 | 3.3.0 |
| dpgaspar | flask-appbuilder | >= 0 < 780bd0e8fbf2d36ada52edb769477e0a4edae580 | 780bd0e8fbf2d36ada52edb769477e0a4edae580 |