Description
Redash 8.0.0 is affected by LDAP injection. The username included in the LDAP search filter is not sanitized, so a specially crafted query can escape the provided template and leak information.
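The following added example (not Redash's code) contrasts substituting a username verbatim into a search filter template with escaping it first per RFC 4515. The template shape, the function names and the sample usernames are assumptions constructed for illustration.

```python
import re

# Assumed template shape; the deployment's real template may differ.
SEARCH_TEMPLATE = "(cn=%(username)s)"

# RFC 4515 section 3: these characters must be written as \XX
# when they appear inside an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    # The pattern the advisory describes: the username goes in verbatim.
    return SEARCH_TEMPLATE % {"username": username}


def build_filter_safe(username: str) -> str:
    # Same template, but filter metacharacters become inert literals.
    return SEARCH_TEMPLATE % {"username": escape_filter_value(username)}


def is_single_literal_term(ldap_filter: str) -> bool:
    """True if the filter is still one '(attr=value)' term with no wildcard."""
    body = re.sub(r"\\[0-9a-fA-F]{2}", "", ldap_filter)  # drop \XX escapes
    return (
        body.startswith("(")
        and body.endswith(")")
        and not any(c in body[1:-1] for c in "()*")
    )


if __name__ == "__main__":
    # Constructed usernames: one ordinary, two containing filter metacharacters.
    for name in ("alice", "al*", "x)(y=z"):
        unsafe, safe = build_filter_unsafe(name), build_filter_safe(name)
        print(f"{name!r:10} unsafe={unsafe!r} ok={is_single_literal_term(unsafe)}"
              f" safe={safe!r} ok={is_single_literal_term(safe)}")
```

In application code, prefer the escaping helper shipped with the LDAP library in use, such as `escape_filter_chars` in `ldap3.utils.conv`.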
Remediation
References
https://github.com/getredash/redash/issues/5426
https://github.com/getredash/redash/releases