What is CVE-2022-31177?

CVE-2022-31177 is a low-severity vulnerability in Dpgaspar Flask-appbuilder, classified under Information Disclosure. CVSS score: 2.7/10. Published 2022-08-01.

How severe is CVE-2022-31177?

Low severity. CVSS v3 base score is 2.7 out of 10.

Is CVE-2022-31177 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Dpgaspar Flask-appbuilder

CVE-2022-31177

Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters cou…

Vulnerability class: Information Disclosure

EPSS: 0.003 (57.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.7 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N.

Affected products

Dpgaspar Flask-appbuilder — versions < 4.1.3

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc (x_refsource_CONFIRM)
github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31177?: CVE-2022-31177 is a low-severity vulnerability in Dpgaspar Flask-appbuilder, classified under Information Disclosure. CVSS score: 2.7/10. Published 2022-08-01.
How severe is CVE-2022-31177?: Low severity. CVSS v3 base score is 2.7 out of 10.
Is CVE-2022-31177 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.