Description

Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.

Remediation

References

https://github.com/getredash/redash/issues/5426

https://github.com/getredash/redash/releases

Related Vulnerabilities

CVE-2018-20677 Vulnerability in npm package bootstrap

CVE-2020-7792 Vulnerability in maven package org.webjars.npm:mout

CVE-2023-35160 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2022-30500 Vulnerability in maven package com.jflyfox:jflyfox_jfinal

CVE-2021-21320 Vulnerability in npm package matrix-react-sdk

Severity

Medium

Classification

CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Issue Tracking Third Party Advisory Release Notes