CVE-2023-34110

Published
View on NVD ↗
CVSS v3
2.7
LOW
CVSS v2
N/A
Affected
1
PROJECT

Description

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2.

dpgaspar/Flask-AppBuilder
dpgaspar/Flask-AppBuilder
Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Demo (login with guest/welcome) - http://flaskappbuilder.pythonanywhere.com/
GitHubGitHub
4.95K