Flask-AppBuilder's login form allows browser to cache sensitive fields

2024-09-0418:12:16

Google

osv.dev

flask-appbuilder

cache

sensitive data

security

upgrade

web server

http headers

software

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

21.4%

JSON

Impact

Auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources.

Patches

Upgrade flask-appbuilder to version 4.5.1

Workarounds

If upgrading is not possible configure your web server to send the following HTTP headers for /login:
“Cache-Control”: “no-store, no-cache, must-revalidate, max-age=0”
“Pragma”: “no-cache”
“Expires”: “0”