Use of Web Browser Cache Containing Sensitive Information

CVE-2024-45314

Medium

5.5/10

Summary

Flask-AppBuilder is an application development framework. In versions through 4.5.0, and 5.0.0rc1 through 5.0.0a2, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. If upgrading is not possible, configure one's web server to send the specific HTTP headers for "/login" per the directions provided in the GitHub Security Advisory.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-525 - Use of Web Browser Cache Containing Sensitive Information

The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

References

Advisory
Release Note
Pull request

Advisory Timeline

Published Sep 04, 2024

Use of Web Browser Cache Containing Sensitive Information

CVE-2024-45314

Summary

CWE-525 - Use of Web Browser Cache Containing Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS