Vulnerabilities > CVE-2023-29005 - Improper Restriction of Excessive Authentication Attempts vulnerability in Dpgaspar Flask-Appbuilder

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
dpgaspar
CWE-307
NVD
Published: 2023-04-10
Updated: 2025-03-07

Summary

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.

Vulnerable Configurations

Part Description Count
Application
Dpgaspar
75

Common Weakness Enumeration (CWE)

References