Home > Vulnerability Database > CVE-2022-21659

Mend.io Vulnerability Database

CVE-2022-21659

Good to know:

Date: January 31, 2022

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Users are advised to upgrade to version 3.4.4 as soon as possible. There are no known workarounds for this issue.

Language: Python

Severity Score

5.3

Related Resources (4)

Url: https://github.com/dpgaspar/Flask-AppBuilder/pull/1775

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-21659

Url: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f

Url: https://www.mend.io/vulnerability-database/CVE-2022-21659

Severity Score

5.3

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Top Fix

Upgrade Version

Upgrade to version Flask-AppBuilder - 3.4.4

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-21659

Good to know:

Date: January 31, 2022

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?