{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T20:36:26.363","vulnerabilities":[{"cve":{"id":"CVE-2025-24023","sourceIdentifier":"security-advisories@github.com","published":"2025-03-03T16:15:41.820","lastModified":"2025-03-07T21:44:56.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3."},{"lang":"es","value":"Flask-AppBuilder es un framework de desarrollo de aplicaciones. Antes de la versión 4.5.3, Flask-AppBuilder permite a los usuarios no autenticados enumerar nombres de usuario existentes cronometrando el tiempo de respuesta del servidor cuando se fuerzan solicitudes de inicio de sesión. Esta vulnerabilidad se solucionó en la versión 4.5.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-204"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dpgaspar:flask-appbuilder:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.3","matchCriteriaId":"BF28CA72-015B-43B1-A97C-02EA08C00137"}]}]}],"references":[{"url":"https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}