Description

Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.

Remediation

References

https://github.com/getredash/redash/issues/5426

https://github.com/getredash/redash/releases

Related Vulnerabilities

CVE-2022-36892 Vulnerability in maven package org.jenkins-ci.plugins:rhnpush-plugin

CVE-2022-35915 Vulnerability in npm package openzeppelin-eth

CVE-2021-20323 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2023-29566 Vulnerability in npm package dawnsparks-node-tesseract

CVE-2019-10778 Vulnerability in npm package devcert-sanscache

Severity

Medium

Classification

CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Issue Tracking Third Party Advisory Release Notes