The vulnerability stems from the `UserModelView` query implementation, which allows filters on sensitive password hash fields. Because the reported impact is filtering via crafted HTTP requests and partial hash inference, the exposure lies in the user model view's filtering capabilities. The patch in 4.1.3 likely removed password fields from the allowed filter columns, a change that would be implemented in the view's query configuration. Confidence is high because the vulnerability description (filtering via URL parameters) directly matches Flask-AppBuilder's ModelView query architecture.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Flask-AppBuilder | pip | < 4.1.3 | 4.1.3 |
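
A column allow-list check and an access-log audit for the filter exposure described above, as an added example (not Flask-AppBuilder's code and not its 4.1.3 patch). The `_flt_<n>_<column>` parameter shape, the `/users/list/` path, the allow-list and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: list-view filters arrive as query parameters shaped
# _flt_<operator index>_<column>; adjust the pattern to your deployment.
FILTER_PARAM = re.compile(r"^_flt_\d+_(?P<column>\w+)$")

# Hypothetical allow-list for a user list view: no credential columns.
SEARCHABLE_USER_COLUMNS = frozenset({"username", "first_name", "last_name", "email", "active"})

# Common-log-style request line: client address, then the quoted request.
LOG_LINE = re.compile(r'^(?P<client>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /users/list/?_flt_1_email=example.org HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /users/list/?_flt_0_password=PLACEHOLDER HTTP/1.1" 200 4875',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /users/list/?page=2 HTTP/1.1" 200 5301',
]


def filtered_columns(target):
    """Return the column names a request target asks to filter on."""
    columns = []
    for key, _value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        match = FILTER_PARAM.match(key)
        if match:
            columns.append(match.group("column"))
    return columns


def rejected_columns(target, allowed=SEARCHABLE_USER_COLUMNS):
    """Columns named in filters that are not on the allow-list (empty = accept)."""
    return [c for c in filtered_columns(target) if c not in allowed]


def audit_access_log(lines, allowed=SEARCHABLE_USER_COLUMNS):
    """Return (client, target, columns) for logged requests that filtered on
    a column outside the allow-list, e.g. a password hash."""
    findings = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue
        bad = rejected_columns(match.group("target"), allowed)
        if bad:
            findings.append((match.group("client"), match.group("target"), bad))
    return findings
```

The package table above lists 4.1.3 as the first patched version; a check like this is for auditing logs from deployments that ran an earlier release.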