Description
Redash 8.0.0 is affected by LDAP injection. The username included in the LDAP search filter is not sanitized, so a specially crafted query can escape the provided template and leak information.
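The sketch below is an added example, not Redash's code or its fix. It shows how an unsanitized username changes the structure of a templated search filter and how RFC 4515 escaping keeps the filter in the template's shape. The template string, function names and sample usernames are constructed for illustration.

```python
# Added example: building an LDAP search filter from a login name.
# SEARCH_TEMPLATE and all function names are assumptions, not Redash identifiers.

SEARCH_TEMPLATE = "(cn=%(username)s)"  # assumed template shape

# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash followed by two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape LDAP filter metacharacters in a user-supplied value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """The flawed pattern: the username goes into the template verbatim."""
    return SEARCH_TEMPLATE % {"username": username}


def build_filter_safe(username: str) -> str:
    """Hardened pattern: escape the value before substitution."""
    return SEARCH_TEMPLATE % {"username": escape_filter_value(username)}


def filter_shape(flt: str) -> tuple:
    """Count structural characters. In a well-formed filter, literal
    '(' ')' '*' are always syntax, because data copies are written as \\XX."""
    return (flt.count("("), flt.count(")"), flt.count("*"))


def preserves_template(builder, username: str) -> bool:
    """Regression check: the filter built for `username` must have the
    same structure as the one built for a plain alphanumeric name."""
    return filter_shape(builder(username)) == filter_shape(builder("alice"))


if __name__ == "__main__":
    # Constructed inputs containing filter metacharacters.
    for name in ["alice", "j*", "x)(cn=*"]:
        print(repr(name))
        print("  unsafe:", build_filter_unsafe(name),
              "| shape kept:", preserves_template(build_filter_unsafe, name))
        print("  safe:  ", build_filter_safe(name),
              "| shape kept:", preserves_template(build_filter_safe, name))
```

Code that uses the ldap3 library can call `ldap3.utils.conv.escape_filter_chars` instead of a hand-written escaper.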
Remediation
References
https://github.com/getredash/redash/releases
https://github.com/getredash/redash/issues/5426