Description

Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.

Remediation

References

https://github.com/getredash/redash/issues/5426

https://github.com/getredash/redash/releases

Related Vulnerabilities

CVE-2021-32621 Vulnerability in maven package org.xwiki.platform:xwiki-platform-dashboard-macro

CVE-2022-39250 Vulnerability in npm package matrix-js-sdk

CVE-2020-23622 Vulnerability in maven package org.fourthline.cling:cling-core

CVE-2020-28268 Vulnerability in npm package controlled-merge

CVE-2023-30513 Vulnerability in maven package org.csanchez.jenkins.plugins:kubernetes

Severity

Medium

Classification

CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Issue Tracking Third Party Advisory Release Notes