Cyber Resilience

CVE-2024-45314

Low

Published: 04 September 2024

Modified: 15 October 2025
KEV Added
Patch
CVSS Score v3.1: 3.6 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)
EPSS Score: 0.0013 (32.6th percentile)
Risk Priority: 7 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-45314 is a low-severity Use of Web Browser Cache Containing Sensitive Information (CWE-525) vulnerability in Dpgaspar Flask-Appbuilder. Its CVSS base score is 3.6 (Low).

Operationally, it ranks at the 32.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form's default cache directives allow the browser to locally store sensitive data. This can be an issue in environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If upgrading is not possible, configure one's web server to send the specific HTTP headers for `/login` per the directions provided in the GitHub Security Advisory.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dpgaspar
flask-appbuilder
≤ 4.5.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References