Description
Redash 8.0.0 is affected by LDAP injection. The username included in the LDAP search filter is not sanitized, so specially crafted queries can escape the provided filter template and leak information.
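The flaw described above, shown as an added example that is not Redash source code: a username substituted into a filter template with and without RFC 4515 escaping, plus a check that flags input which changes the filter's structure. The template, the `cn` attribute and all function names are assumptions made for illustration.

```python
# Added illustration, not Redash source code. The template, attribute name and
# function names below are assumptions chosen for the example.
SEARCH_TEMPLATE = "(cn=%(username)s)"

# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash followed by two hex digits.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape one value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username):
    """The flawed pattern: the raw username goes straight into the template."""
    return SEARCH_TEMPLATE % {"username": username}


def build_filter_safe(username):
    """The corrected pattern: the username is escaped before substitution."""
    return SEARCH_TEMPLATE % {"username": escape_filter_value(username)}


def skeleton(ldap_filter):
    """Structural characters of a filter; escaped values never contain them."""
    return "".join(ch for ch in ldap_filter if ch in "()*")


def changes_structure(builder, username):
    """True if the username alters the filter's shape relative to a plain name."""
    return skeleton(builder(username)) != skeleton(builder("placeholder"))


if __name__ == "__main__":
    for name in ["alice", "a*)(mail=*"]:  # constructed sample inputs
        print(repr(name))
        print("  unsafe:", build_filter_unsafe(name),
              "| structure changed:", changes_structure(build_filter_unsafe, name))
        print("  safe:  ", build_filter_safe(name),
              "| structure changed:", changes_structure(build_filter_safe, name))
```

In real code, use the escaping helper shipped with the LDAP library instead of a hand-written table; for example, `ldap3` provides `ldap3.utils.conv.escape_filter_chars`.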
Remediation
References
https://github.com/getredash/redash/issues/5426
https://github.com/getredash/redash/releases