CVE-2024-45314

MEDIUM Year: 2024
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-525
View all →

Vulnerability Description

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If upgrading is not possible, configure one's web server to send the specific HTTP headers for `/login` per the directions provided in the GitHub Security Advisory.

Related Vulnerabilities

CVE-2021-42015

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (A...

CWE-5252021

CVE-2023-27545

MEDIUM
CVSS:5.5(Medium)

IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.

CWE-5252023

CVE-2024-25142

MEDIUM
CVSS:5.5(Medium)

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could resul...

CWE-5252024

CVE-2024-31906

MEDIUM
CVSS:6.2(Medium)

IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system.

CWE-5252024

CVE-2023-43035

MEDIUM
CVSS:4.0(Medium)

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.

CWE-5252023

CVE-2024-22349

MEDIUM
CVSS:4.0(Medium)

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.

CWE-5252024