CVE-2022-24776Open Redirect in Flask-appbuilder

CWE-601Open Redirect4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 42.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dpgaspar Flask-appbuilder
Timeline
PublishedMar 24
Latest updateMar 25

Description

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

CVEListV5dpgaspar/flask-appbuilder< 3.4.5

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
Open Redirect in Flask-AppBuilder2022-03-25
GHSA
Open Redirect in Flask-AppBuilder2022-03-25
CVEList
Open Redirect in Flask-AppBuilder2022-03-24
CVE-2022-24776 — Open Redirect in Flask-appbuilder | cvebase