CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
21.4%
Auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources.
Upgrade flask-appbuilder to version 4.5.1
If upgrading is not possible configure your web server to send the following HTTP headers for /login:
“Cache-Control”: “no-store, no-cache, must-revalidate, max-age=0”
“Pragma”: “no-cache”
“Expires”: “0”
Vendor | Product | Version | CPE |
---|---|---|---|
flask-appbuilder_project | flask-appbuilder | * | cpe:2.3:a:flask-appbuilder_project:flask-appbuilder:*:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
21.4%