CVE-2023-34110

CVSS 3.1 Score 2.7 of 10 (low)

Details

Published Jun 22, 2023

Updated: Jul 3, 2023

CWE ID 209

Summary

CVE-2023-34110 is a vulnerability affecting Flask-AppBuilder, an application development framework based on Flask, prior to version 4.3.2. Malicious actors with Admin privileges could exploit this issue by introducing a special character on the add or edit User forms. The resulting database error would be displayed on the UI, potentially exposing the entire user row, including the pbkdf2:sha256 hashed password, on certain database engines. This vulnerability has been mitigated in Flask-AppBuilder version 4.3.2.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Flask-appbuilder Project Flask-appbuilder

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rveipi
https://www.cve.org/CVERecord?id=CVE-2023-34110
https://nvd.nist.gov/vuln/detail/CVE-2023-34110

Back to Vulnerability Database

CVE-2023-34110

CVSS 3.1 Score 2.7 of 10 (low)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations