PT-2023-24682 · Pypi · Flask-Appbuilder
Msegoviag · Published 2023-06-22 · Updated 2026-06-03 · CVE-2023-34110
CVSS v4.0: 5.1 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Flask-AppBuilder versions prior to 4.3.2
Description
An authenticated malicious actor with Admin privileges could trigger a database error by adding a special character on the add or edit User forms. This error can be surfaced back to the actor in the UI and, on certain database engines, may include the entire user row, including the pbkdf2:sha256 hashed password.
Recommendations
For versions prior to 4.3.2, update to version 4.3.2 to resolve the issue. As a temporary workaround, consider restricting access to the add and edit User forms for users with Admin privileges until the update is applied.
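The weakness here is the generic one of echoing a raw database exception into a user-facing message. The following added example (not Flask-AppBuilder code, standard library only, with a constructed error string standing in for what some engines emit on a failed INSERT) contrasts the verbatim-flash pattern with a handler that keeps the detail in the server log and scrubs any hash that still reaches rendered text.

```python
import logging
import re
from io import StringIO

# Werkzeug-style hash as stored by Flask-AppBuilder: pbkdf2:sha256:<iters>$<salt>$<hex>
_HASH_RE = re.compile(r"pbkdf2:sha256:\d+\$[^$\s]+\$[0-9a-f]+")


class DatabaseError(Exception):
    """Stand-in (hypothetical) for a driver exception that echoes the failing row."""


# Constructed message: some engines include the whole offending row, hash and all,
# in the exception text when a special character breaks the statement.
CONSTRUCTED_DB_MESSAGE = (
    "invalid input syntax in row (42, 'adm''in', 'admin@example.test', "
    "'pbkdf2:sha256:260000$c0nstructedSalt$0123456789abcdef0123456789abcdef')"
)


def flash_error_vulnerable(exc: Exception) -> str:
    """The risky pattern: the exception text is flashed to the UI verbatim."""
    return f"Error saving user: {exc}"


def flash_error_hardened(exc: Exception, log: logging.Logger) -> str:
    """Full detail goes to the server log; the browser gets a generic message only."""
    log.error("user form save failed: %s", exc)
    return "Could not save the user record. The error has been logged."


def redact_hashes(message: str) -> str:
    """Defence in depth: scrub any password hash that still reaches rendered text."""
    return _HASH_RE.sub("[redacted password hash]", message)


def contains_hash(text: str) -> bool:
    """Detection helper: does this text carry a pbkdf2:sha256 hash?"""
    return _HASH_RE.search(text) is not None


def demo():
    """Returns (leaked_ui_text, safe_ui_text, scrubbed_ui_text, server_log_text)."""
    stream = StringIO()
    log = logging.getLogger("fab_error_demo")
    log.propagate = False
    log.addHandler(logging.StreamHandler(stream))
    exc = DatabaseError(CONSTRUCTED_DB_MESSAGE)
    leaked = flash_error_vulnerable(exc)
    safe = flash_error_hardened(exc, log)
    return leaked, safe, redact_hashes(leaked), stream.getvalue()
```

`contains_hash` is also usable as a cheap check over rendered responses or flashed messages in a test suite, to catch a regression of this class before it ships.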
Exploit
Fix
Generation of Error Message Containing Sensitive Information
Weakness Enumeration
Related identifiers
Affected products
Flask-Appbuilder