{"id":"GHSA-fw5r-6m3x-rh7p","summary":"Flask-AppBuilder's login form allows browser to cache sensitive fields ","details":"### Impact\nAuth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources.\n\n### Patches\nUpgrade flask-appbuilder to version 4.5.1\n\n### Workarounds\nIf upgrading is not possible configure your web server to send the following HTTP headers for /login:\n\"Cache-Control\": \"no-store, no-cache, must-revalidate, max-age=0\"\n\"Pragma\": \"no-cache\"\n\"Expires\": \"0\" \n","aliases":["CVE-2024-45314"],"modified":"2026-02-04T03:51:39.479571Z","published":"2024-09-04T18:12:16Z","related":["CGA-89jc-5wf8-844g"],"database_specific":{"severity":"MODERATE","nvd_published_at":"2024-09-04T16:15:08Z","cwe_ids":["CWE-525"],"github_reviewed":true,"github_reviewed_at":"2024-09-04T18:12:16Z"},"references":[{"type":"WEB","url":"https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fw5r-6m3x-rh7p"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45314"},{"type":"WEB","url":"https://github.com/dpgaspar/Flask-AppBuilder/commit/3030e881d2e44f4021764e18e489fe940a9b3636"},{"type":"PACKAGE","url":"https://github.com/dpgaspar/Flask-AppBuilder"}],"affected":[{"package":{"name":"flask-appbuilder","ecosystem":"PyPI","purl":"pkg:pypi/flask-appbuilder"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.5.1"}]}],"versions":["0.1.10","0.1.11","0.1.12","0.1.13","0.1.14","0.1.15","0.1.16","0.1.17","0.1.18","0.1.19","0.1.20","0.1.21","0.1.22","0.1.23","0.1.24","0.1.25","0.1.26","0.1.27","0.1.28","0.1.29","0.1.3","0.1.33","0.1.34","0.1.35","0.1.36","0.1.37","0.1.38","0.1.4","0.1.43","0.1.44","0.1.45","0.1.46","0.1.47","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.5","0.10.6","0.10.7","0.2.0","0.2.1","0.2.2","0.3.0","0.3.1","0.3.10","0.3.11","0.3.12","0.3.13","0.3.14","0.3.15","0.3.16","0.3.17","0.3.2","0.3.3","0.3.4","0.3.5","0.3.6","0.3.7","0.3.8","0.3.9","0.4.0","0.4.1","0.4.2","0.4.3","0.5.0","0.5.1","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.6.1","0.6.10","0.6.11","0.6.12","0.6.13","0.6.14","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5","0.9.0","0.9.1","0.9.2","0.9.3","1.0.0","1.0.1","1.1.0","1.1.1","1.1.2","1.1.3","1.10.0","1.11.0","1.11.1","1.12.0","1.12.1","1.12.2","1.12.3","1.12.4","1.12.5","1.13.0","1.13.1","1.2.0","1.2.1","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.5.0","1.6.0","1.6.1","1.6.2","1.6.3","1.7.0","1.7.1","1.8.0","1.8.1","1.9.0","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","2.0.0","2.1.0","2.1.1","2.1.10","2.1.11","2.1.12","2.1.13","2.1.2","2.1.3","2.1.4","2.1.5","2.1.6","2.1.7","2.1.8","2.1.9","2.2.0","2.2.0rc1","2.2.0rc2","2.2.1","2.2.1rc1","2.2.1rc2","2.2.1rc3","2.2.2","2.2.2rc1","2.2.2rc2","2.2.2rc3","2.2.3","2.2.3rc1","2.2.3rc2","2.2.3rc3","2.2.3rc4","2.2.3rc5","2.2.3rc6","2.2.4","2.2.4rc1","2.3.0","2.3.0rc1","2.3.0rc2","2.3.0rc3","2.3.0rc4","2.3.1","2.3.1rc1","2.3.2","2.3.2rc1","2.3.3","2.3.3rc1","2.3.3rc2","2.3.3rc3","2.3.4","2.3.4rc1","3.0.0","3.0.0rc1","3.0.0rc2","3.0.0rc3","3.0.0rc4","3.0.1","3.0.1rc1","3.1.0","3.1.0rc1","3.1.0rc2","3.1.0rc3","3.1.1","3.1.1rc1","3.1.1rc2","3.1.1rc3","3.2.0","3.2.0rc1","3.2.0rc2","3.2.1","3.2.1rc1","3.2.2","3.2.2rc1","3.2.3","3.2.3rc1","3.2.3rc2","3.3.0","3.3.0rc1","3.3.1","3.3.1rc1","3.3.2","3.3.2rc1","3.3.3","3.3.3rc1","3.3.4","3.3.4rc1","3.4.0","3.4.0rc1","3.4.0rc2","3.4.1","3.4.1rc1","3.4.1rc2","3.4.1rc3","3.4.2","3.4.2rc1","3.4.3","3.4.3rc1","3.4.3rc2","3.4.4","3.4.4rc1","3.4.5","3.4.5rc1","4.0.0","4.0.0rc1","4.0.0rc2","4.0.0rc3","4.0.1rc1","4.1.0","4.1.1","4.1.1rc1","4.1.2","4.1.2rc1","4.1.3","4.1.3rc1","4.1.4","4.1.4rc1","4.1.5","4.1.5rc1","4.1.6","4.1.6rc1","4.1.7rc1","4.2.0","4.2.0rc1","4.2.1","4.2.1rc1","4.2.2rc1","4.3.0","4.3.0rc1","4.3.1","4.3.10","4.3.10rc1","4.3.11","4.3.11rc1","4.3.1rc1","4.3.2","4.3.2rc1","4.3.2rc2","4.3.3","4.3.3rc1","4.3.3rc2","4.3.4","4.3.4rc1","4.3.5","4.3.5rc1","4.3.5rc2","4.3.6","4.3.6rc1","4.3.7","4.3.7rc1","4.3.8","4.3.8rc1","4.3.9","4.3.9rc1","4.4.0","4.4.0rc1","4.4.1","4.4.1rc2","4.5.0","4.5.0rc1","4.5.1rc1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-fw5r-6m3x-rh7p/GHSA-fw5r-6m3x-rh7p.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"}]}