PT-2024-31566 · PyPI · Flask-AppBuilder

Dpgaspar · Published 2024-09-04 · Updated 2024-09-12 · CVE-2024-45314

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions prior to 4.5.1

Description: The default cache directives on the auth DB login form in Flask-AppBuilder allow browsers to store sensitive data locally. This can be an issue in environments that use shared computer resources.

Recommendations: For versions prior to 4.5.1, upgrade to version 4.5.1 to resolve the issue. If upgrading is not possible, configure your web server to send the following HTTP headers for "/login": "Cache-Control: no-store, no-cache, must-revalidate, max-age=0", "Pragma: no-cache", and "Expires: 0".
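The header workaround above can also be applied in the application layer rather than the web server. The following is an added example, not Flask-AppBuilder's own fix: a WSGI middleware that wraps the application (Flask-AppBuilder apps are WSGI apps) and forces the three no-store headers onto responses for "/login" only, replacing any cache directive the app itself emitted. The wrapped `demo_app` and the `/login` path are constructed stand-ins for the demonstration.

```python
"""WSGI middleware that forces no-store cache directives on the login form."""

# Paths that serve the login form (assumed; adjust to the deployed route).
LOGIN_PATHS = ("/login", "/login/")

# Exactly the headers recommended in the advisory.
NO_STORE_HEADERS = [
    ("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"),
    ("Pragma", "no-cache"),
    ("Expires", "0"),
]


class NoStoreLoginMiddleware:
    """Wrap any WSGI app; rewrite cache headers on login responses only."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO", "") not in LOGIN_PATHS:
            return self.app(environ, start_response)  # other routes untouched

        def patched_start_response(status, headers, exc_info=None):
            # Drop any app-supplied copies so the no-store values win.
            overridden = {name.lower() for name, _ in NO_STORE_HEADERS}
            kept = [(n, v) for n, v in headers if n.lower() not in overridden]
            return start_response(status, kept + NO_STORE_HEADERS, exc_info)

        return self.app(environ, patched_start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for the real app: serves a cacheable login page."""
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Cache-Control", "public, max-age=600")])
    return [b"<form>login</form>"]


def response_headers(app, path):
    """Send one GET for `path` through `app`; return its response headers."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["headers"] = dict(headers)

    b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured["headers"]
```

Verify the deployment by requesting the login page and checking that all three headers are present; a reverse proxy in front of the app can still strip or override them.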

Related Identifiers

CVE-2024-45314
GHSA-FW5R-6M3X-RH7P

Affected Products

Flask-AppBuilder