The page returned access denied. This made me check the cookies
The session cookie is a JWT token.
I used flask-unsign to get the password and create a new cookie with permissions set to true.
https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/flask
