Description
Redash 8.0.0 is affected by LDAP injection. The username is included in the LDAP search filter without sanitization, so specially crafted queries can escape the provided filter template and leak information.
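The flaw described above, shown beside its escaped form as an added example (this is not Redash's code). The search template, the attribute names and the helper functions are assumptions made for illustration, and the sample usernames are constructed.

```python
import re

# Hypothetical search template of the kind the description refers to (assumption).
SEARCH_TEMPLATE = "(&(objectClass=person)(uid=%(username)s))"

# RFC 4515: inside an assertion value these characters must be written as a
# backslash followed by two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """The flawed pattern: the username goes into the template unchanged."""
    return SEARCH_TEMPLATE % {"username": username}


def build_filter_safe(username: str) -> str:
    """Same template, with the username escaped before substitution."""
    return SEARCH_TEMPLATE % {"username": escape_filter_value(username)}


def filter_shape(ldap_filter: str) -> str:
    """Reduce a filter to its structural characters (unescaped parentheses
    and wildcards) so two filters can be compared for the same structure."""
    without_escapes = re.sub(r"\\[0-9a-fA-F]{2}", "", ldap_filter)
    return re.sub(r"[^()*]", "", without_escapes)


def changes_structure(ldap_filter: str) -> bool:
    """True if the filter's structure differs from the template's own."""
    baseline = filter_shape(SEARCH_TEMPLATE % {"username": "x"})
    return filter_shape(ldap_filter) != baseline


if __name__ == "__main__":
    # Constructed sample usernames, some containing filter metacharacters.
    for name in ["alice", "al*", "o(ps)"]:
        unsafe, safe = build_filter_unsafe(name), build_filter_safe(name)
        print(f"{name!r:10} unsafe={unsafe} altered={changes_structure(unsafe)}")
        print(f"{'':10} safe  ={safe} altered={changes_structure(safe)}")
```

Python code that uses the ldap3 library can call `ldap3.utils.conv.escape_filter_chars` for the same escaping instead of a hand-written helper.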
Remediation
References
https://github.com/getredash/redash/issues/5426
https://github.com/getredash/redash/releases