CVE-2021-41265

Опубликовано: 09 дек. 2021

Источник: nvd

CVSS3: 8.1

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Flask-AppBuilder is a development framework built on top of Flask. Verions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. This only affects non database authentication types and new REST API endpoints. Users should upgrade to Flask-AppBuilder 3.3.4 to receive a patch.

Ссылки

https://github.com/dpgaspar/Flask-AppBuilder/commit/eba517aab121afa3f3f2edb011ec6bc4efd61fbc
Patch
Third Party Advisory
https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.3.4
Release Notes
Third Party Advisory
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-m3rf-7m4w-r66q
Third Party Advisory
https://github.com/dpgaspar/Flask-AppBuilder/commit/eba517aab121afa3f3f2edb011ec6bc4efd61fbc
Patch
Third Party Advisory
https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.3.4
Release Notes
Third Party Advisory
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-m3rf-7m4w-r66q
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dpgaspar:flask-appbuilder:*:*:*:*:*:*:*:*

Версия до 3.3.4 (исключая)

EPSS

Процентиль: 55%

0.00328

Низкий

8.1 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2021-41265

CVSS3: 8.1

debian

около 4 лет назад

Flask-AppBuilder is a development framework built on top of Flask. Ver ...

GHSA-m3rf-7m4w-r66q

CVSS3: 8.1

github

около 4 лет назад

Improper Authentication in Flask-AppBuilder

EPSS

Процентиль: 55%

0.00328

Низкий

8.1 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-287