CVE-2023-29005
10.04.2023, 21:15
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dpgaspar | flask-appbuilder | 𝑥 < 4.3.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
References