Description
Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.
Remediation
References
https://github.com/getredash/redash/issues/5426
https://github.com/getredash/redash/releases
Related Vulnerabilities
CVE-2022-36892 Vulnerability in maven package org.jenkins-ci.plugins:rhnpush-plugin
CVE-2022-35915 Vulnerability in npm package openzeppelin-eth
CVE-2021-20323 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2023-29566 Vulnerability in npm package dawnsparks-node-tesseract
CVE-2019-10778 Vulnerability in npm package devcert-sanscache