cvelistv5 - CVE-2022-31177

URL	Tags
security-advisories@github.com	https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc	Third Party Advisory

▼	Vendor	Product
	dpgaspar	Flask-AppBuilder

gsd-2022-31177

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.

Aliases

CVE-2022-31177

Aliases

CVE-2022-31177

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-31177",
    "description": "Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.",
    "id": "GSD-2022-31177"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-31177"
      ],
      "details": "Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.",
      "id": "GSD-2022-31177",
      "modified": "2023-12-13T01:19:17.493946Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-31177",
        "STATE": "PUBLIC",
        "TITLE": "Possible to infer sensitive information through query strings in Flask-AppBuilder"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Flask-AppBuilder",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 4.1.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "dpgaspar"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc",
            "refsource": "CONFIRM",
            "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc"
          },
          {
            "name": "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3",
            "refsource": "MISC",
            "url": "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-32ff-4g79-vgfc",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c4.1.3",
          "affected_versions": "All versions before 4.1.3",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2023-07-24",
          "description": "Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.",
          "fixed_versions": [
            "4.1.3"
          ],
          "identifier": "CVE-2022-31177",
          "identifiers": [
            "CVE-2022-31177",
            "GHSA-32ff-4g79-vgfc",
            "GMS-2022-3340"
          ],
          "not_impacted": "All versions starting from 4.1.3",
          "package_slug": "pypi/Flask-AppBuilder",
          "pubdate": "2022-08-01",
          "solution": "Upgrade to version 4.1.3 or above.",
          "title": "Use of Password Hash With Insufficient Computational Effort",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-31177",
            "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc",
            "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3",
            "https://github.com/advisories/GHSA-32ff-4g79-vgfc"
          ],
          "uuid": "acc9aa15-ec08-44bc-b706-a1cb5c7288a4"
        },
        {
          "affected_range": "\u003c0",
          "affected_versions": "All versions before 4.1.3",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-07-29",
          "description": "### Impact\nAn authenticated Admin user could craft HTTP requests to filter users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users.\n\nOnly when using `AUTH_DB` database authentication option.\n\n### Patches\nFixed on 4.1.3\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [example link to repo](http://example.com)\n* Email us at [example email address](mailto:example@example.com)\n",
          "fixed_versions": [
            "4.1.3"
          ],
          "identifier": "GMS-2022-3340",
          "identifiers": [
            "GHSA-32ff-4g79-vgfc",
            "GMS-2022-3340",
            "CVE-2022-31177"
          ],
          "not_impacted": "All versions starting from 4.1.3",
          "package_slug": "pypi/Flask-AppBuilder",
          "pubdate": "2022-07-29",
          "solution": "Upgrade to version 4.1.3 or above.",
          "title": "Duplicate of ./pypi/Flask-AppBuilder/CVE-2022-31177.yml",
          "urls": [
            "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc",
            "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3",
            "https://github.com/advisories/GHSA-32ff-4g79-vgfc"
          ],
          "uuid": "ef99c2e2-f108-402f-9e06-a5127f26860b"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:flask-appbuilder_project:flask-appbuilder:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31177"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc"
            },
            {
              "name": "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-07-24T13:08Z",
      "publishedDate": "2022-08-01T19:15Z"
    }
  }
}

pysec-2022-247

Vulnerability from pysec

Published

2022-08-01 19:15

Modified

2022-08-08 16:56

Details

Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "flask-appbuilder",
        "purl": "pkg:pypi/flask-appbuilder"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.1.10",
        "0.1.11",
        "0.1.12",
        "0.1.13",
        "0.1.14",
        "0.1.15",
        "0.1.16",
        "0.1.17",
        "0.1.18",
        "0.1.19",
        "0.1.20",
        "0.1.21",
        "0.1.22",
        "0.1.23",
        "0.1.24",
        "0.1.25",
        "0.1.26",
        "0.1.27",
        "0.1.28",
        "0.1.29",
        "0.1.3",
        "0.1.33",
        "0.1.34",
        "0.1.35",
        "0.1.36",
        "0.1.37",
        "0.1.38",
        "0.1.4",
        "0.1.43",
        "0.1.44",
        "0.1.45",
        "0.1.46",
        "0.1.47",
        "0.1.5",
        "0.1.6",
        "0.1.7",
        "0.1.8",
        "0.1.9",
        "0.10.0",
        "0.10.1",
        "0.10.2",
        "0.10.3",
        "0.10.4",
        "0.10.5",
        "0.10.6",
        "0.10.7",
        "0.2.0",
        "0.2.1",
        "0.2.2",
        "0.3.0",
        "0.3.1",
        "0.3.10",
        "0.3.11",
        "0.3.12",
        "0.3.13",
        "0.3.14",
        "0.3.15",
        "0.3.16",
        "0.3.17",
        "0.3.2",
        "0.3.3",
        "0.3.4",
        "0.3.5",
        "0.3.6",
        "0.3.7",
        "0.3.8",
        "0.3.9",
        "0.4.0",
        "0.4.1",
        "0.4.2",
        "0.4.3",
        "0.5.0",
        "0.5.1",
        "0.5.2",
        "0.5.3",
        "0.5.4",
        "0.5.5",
        "0.5.6",
        "0.6.1",
        "0.6.10",
        "0.6.11",
        "0.6.12",
        "0.6.13",
        "0.6.14",
        "0.6.2",
        "0.6.3",
        "0.6.4",
        "0.6.5",
        "0.6.6",
        "0.6.7",
        "0.6.8",
        "0.6.9",
        "0.7.0",
        "0.7.1",
        "0.7.2",
        "0.7.3",
        "0.7.4",
        "0.7.5",
        "0.7.6",
        "0.7.7",
        "0.7.8",
        "0.8.0",
        "0.8.1",
        "0.8.2",
        "0.8.3",
        "0.8.4",
        "0.8.5",
        "0.9.0",
        "0.9.1",
        "0.9.2",
        "0.9.3",
        "1.0.0",
        "1.0.1",
        "1.1.0",
        "1.1.1",
        "1.1.2",
        "1.1.3",
        "1.10.0",
        "1.11.0",
        "1.11.1",
        "1.12.0",
        "1.12.1",
        "1.12.2",
        "1.12.3",
        "1.12.4",
        "1.12.5",
        "1.13.0",
        "1.13.1",
        "1.2.0",
        "1.2.1",
        "1.3.0",
        "1.3.1",
        "1.3.2",
        "1.3.3",
        "1.3.4",
        "1.3.5",
        "1.3.6",
        "1.3.7",
        "1.4.0",
        "1.4.1",
        "1.4.2",
        "1.4.3",
        "1.4.4",
        "1.4.5",
        "1.4.6",
        "1.4.7",
        "1.5.0",
        "1.6.0",
        "1.6.1",
        "1.6.2",
        "1.6.3",
        "1.7.0",
        "1.7.1",
        "1.8.0",
        "1.8.1",
        "1.9.0",
        "1.9.1",
        "1.9.2",
        "1.9.3",
        "1.9.4",
        "1.9.5",
        "1.9.6",
        "2.0.0",
        "2.1.0",
        "2.1.1",
        "2.1.10",
        "2.1.11",
        "2.1.12",
        "2.1.13",
        "2.1.2",
        "2.1.3",
        "2.1.4",
        "2.1.5",
        "2.1.6",
        "2.1.7",
        "2.1.8",
        "2.1.9",
        "2.2.0",
        "2.2.0rc1",
        "2.2.0rc2",
        "2.2.1",
        "2.2.1rc1",
        "2.2.1rc2",
        "2.2.1rc3",
        "2.2.2",
        "2.2.2rc1",
        "2.2.2rc2",
        "2.2.2rc3",
        "2.2.3",
        "2.2.3rc1",
        "2.2.3rc2",
        "2.2.3rc3",
        "2.2.3rc4",
        "2.2.3rc5",
        "2.2.3rc6",
        "2.2.4",
        "2.2.4rc1",
        "2.3.0",
        "2.3.0rc1",
        "2.3.0rc2",
        "2.3.0rc3",
        "2.3.0rc4",
        "2.3.1",
        "2.3.1rc1",
        "2.3.2",
        "2.3.2rc1",
        "2.3.3",
        "2.3.3rc1",
        "2.3.3rc2",
        "2.3.3rc3",
        "2.3.4",
        "2.3.4rc1",
        "3.0.0",
        "3.0.0rc1",
        "3.0.0rc2",
        "3.0.0rc3",
        "3.0.0rc4",
        "3.0.1",
        "3.0.1rc1",
        "3.1.0",
        "3.1.0rc1",
        "3.1.0rc2",
        "3.1.0rc3",
        "3.1.1",
        "3.1.1rc1",
        "3.1.1rc2",
        "3.1.1rc3",
        "3.2.0",
        "3.2.0rc1",
        "3.2.0rc2",
        "3.2.1",
        "3.2.1rc1",
        "3.2.2",
        "3.2.2rc1",
        "3.2.3",
        "3.2.3rc1",
        "3.2.3rc2",
        "3.3.0",
        "3.3.0rc1",
        "3.3.1",
        "3.3.1rc1",
        "3.3.2",
        "3.3.2rc1",
        "3.3.3",
        "3.3.3rc1",
        "3.3.4",
        "3.3.4rc1",
        "3.4.0",
        "3.4.0rc1",
        "3.4.0rc2",
        "3.4.1",
        "3.4.1rc1",
        "3.4.1rc2",
        "3.4.1rc3",
        "3.4.2",
        "3.4.2rc1",
        "3.4.3",
        "3.4.3rc1",
        "3.4.3rc2",
        "3.4.4",
        "3.4.4rc1",
        "3.4.5",
        "3.4.5rc1",
        "4.0.0",
        "4.0.0rc1",
        "4.0.0rc2",
        "4.0.0rc3",
        "4.0.1rc1",
        "4.1.0",
        "4.1.1",
        "4.1.1rc1",
        "4.1.2",
        "4.1.2rc1",
        "4.1.3rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31177",
    "GHSA-32ff-4g79-vgfc"
  ],
  "details": "Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.",
  "id": "PYSEC-2022-247",
  "modified": "2022-08-08T16:56:55.240734Z",
  "published": "2022-08-01T19:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3"
    }
  ]
}

ghsa-32ff-4g79-vgfc

Vulnerability from github

Published

2022-07-29 22:28

Modified

2025-03-07 19:09

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings

Details

Impact

An authenticated Admin user could craft HTTP requests to filter users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users.

Only when using AUTH_DB database authentication option.

Patches

Fixed on 4.1.3

For more information

If you have any questions or comments about this advisory: * Open an issue in example link to repo * Email us at example email address

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Flask-AppBuilder"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-916"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-29T22:28:12Z",
    "nvd_published_at": "2022-08-01T19:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nAn authenticated Admin user could craft HTTP requests to filter users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users.\n\nOnly when using `AUTH_DB` database authentication option.\n\n### Patches\nFixed on 4.1.3\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [example link to repo](http://example.com)\n* Email us at [example email address](mailto:example@example.com)",
  "id": "GHSA-32ff-4g79-vgfc",
  "modified": "2025-03-07T19:09:38Z",
  "published": "2022-07-29T22:28:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31177"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-247.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings"
}

Action not permitted

CVE-2022-31177

Vulnerability from cvelistv5

gsd-2022-31177

Vulnerability from gsd

pysec-2022-247

Vulnerability from pysec

ghsa-32ff-4g79-vgfc

Vulnerability from github

Impact

Patches

For more information

Tags