Description

Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.

Remediation

References

https://github.com/getredash/redash/issues/5426

https://github.com/getredash/redash/releases

Related Vulnerabilities

CVE-2020-7656 Vulnerability in maven package org.fujion.webjars:jquery

CVE-2022-24759 Vulnerability in npm package @chainsafe/libp2p-noise

CVE-2021-21322 Vulnerability in npm package fastify-http-proxy

CVE-2023-22465 Vulnerability in maven package org.http4s:http4s-core_2.12

CVE-2022-28220 Vulnerability in maven package org.apache.james:james-server-protocols-managesieve

Severity

Medium

Classification

CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Issue Tracking Third Party Advisory Release Notes