PT-2023-22080 · Pypi · Flask-Appbuilder

Dpgaspar

·

Published

2023-04-10

·

Updated

2023-04-18

·

CVE-2023-29005

CVSS v3.1

7.5

High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Flask-AppBuilder versions prior to 4.3.0

Description

The authentication views of Flask-AppBuilder apply no rate limiting, so an attacker can brute-force user credentials without being throttled. Successful guessing gives the attacker unauthorized access to the application. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

For versions prior to 4.3.0, update to version 4.3.0 or later and enable rate limiting by setting AUTH_RATE_LIMITED = True and RATELIMIT_ENABLED = True and configuring an AUTH_RATE_LIMIT. As a temporary workaround, consider implementing rate limiting at a reverse proxy or by other means.
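The following is an added example, not code from the advisory or from the Flask-AppBuilder project. It audits a Flask-AppBuilder deployment against the recommendations above: it flags versions before 4.3.0, checks that AUTH_RATE_LIMITED and RATELIMIT_ENABLED are both set, and parses AUTH_RATE_LIMIT so that a limit generous enough to still permit online guessing is reported. The limit-string grammar ("10 per 20 second", "5/minute") is assumed to match what Flask-Limiter accepts, and the 30-attempts-per-minute budget is an arbitrary threshold chosen for the example.

```python
"""Audit a Flask-AppBuilder config for the login rate-limiting controls
introduced in 4.3.0 (CVE-2023-29005). Added example; not FAB's own code."""
import re

FIXED_VERSION = (4, 3, 0)

# Assumed grammar of a Flask-Limiter limit string: "<n> per <m> <unit>" or "<n>/<unit>".
_LIMIT_RE = re.compile(
    r"^\s*(\d+)\s*(?:per|/)\s*(\d+)?\s*(second|minute|hour|day)s?\s*$", re.I
)
_UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_version(version: str) -> tuple:
    """'4.10.2' -> (4, 10, 2); numeric so that 4.10 sorts after 4.3."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:3])


def parse_limit(limit: str):
    """Return (attempts, window_seconds) for a limit string, or None if malformed."""
    m = _LIMIT_RE.match(limit or "")
    if not m:
        return None
    count, multiplier, unit = m.groups()
    return int(count), int(multiplier or 1) * _UNIT_SECONDS[unit.lower()]


def audit_login_rate_limit(fab_version: str, config: dict,
                           max_attempts_per_minute: float = 30.0) -> list:
    """Return a list of findings; an empty list means the config matches the advice."""
    findings = []
    if parse_version(fab_version) < FIXED_VERSION:
        findings.append(
            f"Flask-AppBuilder {fab_version} predates 4.3.0 and has no built-in "
            "login rate limiting (CVE-2023-29005): upgrade, and throttle /login at "
            "the reverse proxy until then"
        )
        return findings  # the settings below do not exist in older releases

    if config.get("AUTH_RATE_LIMITED") is not True:
        findings.append("AUTH_RATE_LIMITED is not True: authentication views are not throttled")
    if config.get("RATELIMIT_ENABLED") is not True:
        findings.append("RATELIMIT_ENABLED is not True: the limiter is switched off, so "
                        "AUTH_RATE_LIMIT has no effect")

    raw = config.get("AUTH_RATE_LIMIT", "")
    parsed = parse_limit(raw)
    if parsed is None:
        findings.append("AUTH_RATE_LIMIT is missing or malformed: set it explicitly, "
                        "e.g. '10 per 20 second'")
    else:
        attempts, window = parsed
        per_minute = attempts * 60 / window
        if per_minute > max_attempts_per_minute:
            findings.append(
                f"AUTH_RATE_LIMIT {raw!r} still allows about {per_minute:.0f} login "
                f"attempts per minute per client, above the {max_attempts_per_minute:.0f}/min budget"
            )
    return findings


# Constructed sample configs for the three states a reviewer typically meets.
UNTHROTTLED_CONFIG = {}  # rate limiting never switched on
LAX_CONFIG = {"AUTH_RATE_LIMITED": True, "RATELIMIT_ENABLED": True,
              "AUTH_RATE_LIMIT": "1000 per minute"}
HARDENED_CONFIG = {"AUTH_RATE_LIMITED": True, "RATELIMIT_ENABLED": True,
                   "AUTH_RATE_LIMIT": "10 per 20 second"}

if __name__ == "__main__":
    for label, version, cfg in [("old release", "4.2.1", HARDENED_CONFIG),
                                ("unthrottled", "4.3.0", UNTHROTTLED_CONFIG),
                                ("lax", "4.3.0", LAX_CONFIG),
                                ("hardened", "4.3.0", HARDENED_CONFIG)]:
        print(label, "->", audit_login_rate_limit(version, cfg) or "OK")
```

Point the function at the live app's `app.config` (and `flask_appbuilder.__version__`) to turn it into a deployment check; a non-empty result on a 4.3.0+ install means the upgrade alone did not close the issue, because the limiter still has to be enabled in configuration.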

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2023-29005
GHSA-9HCR-9HCV-X6PV

Affected Products

Flask-Appbuilder