Security Advisory

CVE-2023-29005

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-04-10 20:47:17

Last updated 2025-02-07 19:35:38

Assigner GitHub_M

State PUBLISHED

Description

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.

← Browse all CVEs View on cve.org ↗