CVE-2024-45314

EPSS 0.1%
Veröffentlicht 04.09.2024 16:15:08
Zuletzt bearbeitet 15.10.2025 13:14:02
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If upgrading is not possible, configure one's web server to send the specific HTTP headers for `/login` per the directions provided in the GitHub Security Advisory.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dpgaspar ≫ Flask-appbuilder Version < 4.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.276

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
security-advisories@github.com	3.6	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

CWE-525 Use of Web Browser Cache Containing Sensitive Information

The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

https://github.com/dpgaspar/Flask-AppBuilder/commit/3030e881d2e44f4021764e18e489fe940a9b3636

Patch

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fw5r-6m3x-rh7p

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45314

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45314

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45314

EUVD