CVE-2024-25128: Improper Authentication in Flask-AppBuilder

Severity: 9.1 CRITICAL (NVD)
EPSS: 1.0% (top 23.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 29
Latest update: Apr 28

Description

Flask-AppBuilder is an application development framework built on top of Flask. When Flask-AppBuilder is configured with AUTH_TYPE set to AUTH_OID, an attacker can forge an HTTP request that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 auth

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 | Impact: 5.2

Affected Packages: 3 packages

Patches

🔴 Vulnerability Details (3)

OSV: Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID (2024-02-28)
GHSA: Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID (2024-02-28)
CVEList: Flask-AppBuilder incorrect authentication when using auth type OpenID (2024-02-28)

💬 Community (1)

HackerOne: CVE-2024-25128: Apache Airflow: Authentication Bypass when Legacy OpenID(2.0) is in use as AUTH_TYPE (2024-04-28)