exploitDog

CVE-2023-29005

Published: 10 Apr 2023
Source: ubuntu
Priority: medium
CVSS3: 7.5

Description

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTH_RATE_LIMITED = True, RATELIMIT_ENABLED = True, and setting an AUTH_RATE_LIMIT.

| Release | Status | Note |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | DNE | |
| trusty | ignored | end of standard support |
| upstream | released | 4.3.0 |
| xenial | ignored | end of standard support |

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
nvd
almost 3 years ago

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.

CVSS3: 7.5
debian
almost 3 years ago

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can al ...

CVSS3: 7.5
github
almost 3 years ago

Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
