CNNVD-202509-1590 Information
CNNVD ID
CNNVD-202509-1590
Related CVE
- CNNVD Published: 2025-09-11
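Description (translated from Chinese)
Flask App Builder is a simple, fast application development framework by the individual developer Daniel Vaz Gaspar. Versions of Flask App Builder before 4.8.1 contain an authorization vulnerability that stems from the password reset function not being disabled when a non-database authentication method is used, which may allow a disabled user to create a JWT token.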
Description (English)
Flask App Builder is a simple and fast application development framework by the individual developer Daniel Vaz Gaspar. Versions of Flask App Builder before 4.8.1 have an authorization flaw: password reset is not disabled when a non-database authentication method is used, which could allow a disabled user to create a JWT token.
Hazard Level
High
Vulnerability Type
Authorization issue
Affected Vendor
Individual developer
Published
2025-09-11
Last Modified
2026-02-24
References
https://github.com/dpgaspar/Flask-AppBuilder/pull/2384
https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.8.1
https://github.com/dpgaspar/Flask-AppBuilder/commit/a942a9cc5775752f9a02f97fd8198dd288fa93ee
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-765j-9r45-w2q2
https://access.redhat.com/security/cve/cve-2025-58065
Patch
https://github.com/dpgaspar/Flask-AppBuilder/releases