Vulnerability Description
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dpgaspar | Flask-Appbuilder | < 3.4.5 |
Related Weaknesses (CWE)
References
- https://github.com/dpgaspar/Flask-AppBuilder/pull/1804PatchThird Party Advisory
- https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.4.5Release NotesThird Party Advisory
- https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-2ccw-7px8-Third Party Advisory
- https://github.com/dpgaspar/Flask-AppBuilder/pull/1804PatchThird Party Advisory
- https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.4.5Release NotesThird Party Advisory
- https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-2ccw-7px8-Third Party Advisory
FAQ
What is CVE-2022-24776?
CVE-2022-24776 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login pag...
How severe is CVE-2022-24776?
CVE-2022-24776 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24776?
Check the references section above for vendor advisories and patch information. Affected products include: Dpgaspar Flask-Appbuilder.