Vulnerability Description
Flask-AppBuilder is a development framework built on top of Flask. Flask-AppBuilder <= 3.2.3 is affected by user enumeration in its database authentication: an unauthenticated user can determine whether an account exists by timing the server's response to login attempts, because the login path for an unknown username finishes measurably faster than the path for a known username with a wrong password. Upgrade to version 3.3.0 or higher to resolve.
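The following is an added illustration, not Flask-AppBuilder's own code: a login routine that returns early for unknown usernames (the timing-leak pattern this CVE describes) beside a hardened variant that always performs exactly one password-hash computation, so unknown and known accounts cost the same. The user store, the PBKDF2 parameters and the HASH_CALLS instrumentation are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 50_000   # PBKDF2 work factor: the cost a remote observer can measure
HASH_CALLS = 0        # instrumentation: how many hashes one login attempt performed

def hash_password(password, salt):
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed sample user store (an assumption, not the page's data).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}
# Throwaway credential whose only job is to cost as much as a real check.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password(os.urandom(16).hex(), _DUMMY_SALT)

def login_vulnerable(username, password):
    """Early return for unknown users: no hash runs, so they answer faster."""
    rec = USERS.get(username)
    if rec is None:
        return False
    salt, stored = rec
    return hmac.compare_digest(hash_password(password, salt), stored)

def login_hardened(username, password):
    """Same result, but exactly one hash runs on every path."""
    rec = USERS.get(username)
    if rec is None:  # burn the same PBKDF2 cost against the dummy, then reject
        hmac.compare_digest(hash_password(password, _DUMMY_SALT), _DUMMY_HASH)
        return False
    salt, stored = rec
    return hmac.compare_digest(hash_password(password, salt), stored)

def hash_calls_for(login, username, password):
    """Hashes triggered by one attempt: a deterministic view of the leak."""
    global HASH_CALLS
    HASH_CALLS = 0
    login(username, password)
    return HASH_CALLS

def response_ms(login, username, password):
    """Wall-clock cost of one attempt, roughly what a remote observer sees."""
    t0 = time.perf_counter()
    login(username, password)
    return (time.perf_counter() - t0) * 1000
```

Comparing `response_ms(login_vulnerable, "alice", "x")` with `response_ms(login_vulnerable, "nobody", "x")` shows the gap; the same pair against `login_hardened` does not, because both paths pay for one hash.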
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dpgaspar | Flask-Appbuilder | <= 3.2.3 |
| Apache | Airflow | 1.10.0 |
Related Weaknesses (CWE)
References
- https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb76947 (Patch, Third Party Advisory)
- https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx- (Third Party Advisory)
- https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08
- https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da
- https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4
- https://pypi.org/project/Flask-AppBuilder/ (Product, Third Party Advisory)
FAQ
What is CVE-2021-29621?
CVE-2021-29621 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Flask-AppBuilder is a development framework built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3 allows a non-authenticated user to enumerate existing ...
How severe is CVE-2021-29621?
CVE-2021-29621 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2021-29621?
Check the references section above for vendor advisories and patch information. Affected products include: Dpgaspar Flask-Appbuilder, Apache Airflow.