Description

Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.

Remediation

References

https://github.com/getredash/redash/issues/5426

https://github.com/getredash/redash/releases

Related Vulnerabilities

CVE-2019-10768 Vulnerability in maven package org.webjars.bower:angular

CVE-2020-2218 Vulnerability in maven package org.jenkins-ci.plugins:hp-quality-center

CVE-2018-12542 Vulnerability in maven package io.vertx:vertx-web

CVE-2022-31198 Vulnerability in npm package @openzeppelin/contracts

CVE-2020-10719 Vulnerability in maven package io.undertow:undertow-core

Severity

Medium

Classification

CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Issue Tracking Third Party Advisory Release Notes