Description
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTH_RATE_LIMITED = True, RATELIMIT_ENABLED = True, and setting an AUTH_RATE_LIMIT.
References
- Product
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 4.3.0 (exclusive)
cpe:2.3:a:dpgaspar:flask-appbuilder:*:*:*:*:*:*:*:*
EPSS
Percentile: 54%
0.00309
Low
7.5 High
CVSS3
Weaknesses
CWE-307
Related vulnerabilities
CVSS3: 7.5
ubuntu
almost 3 years ago
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.
CVSS3: 7.5
debian
almost 3 years ago
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can al ...
CVSS3: 7.5
github
almost 3 years ago
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB