BIT-redash-2020-36144

Import Source
https://github.com/bitnami/vulndb/tree/main/data/redash/BIT-redash-2020-36144.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-redash-2020-36144
Aliases
Published
2024-03-06T11:03:38.798Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Redash 8.0.0 is affected by LDAP injection. The username is included in the LDAP search filter without sanitization, so specially crafted queries can escape the provided template and leak information.

Database specific
{
    "cpes": [
        "cpe:2.3:a:redash:redash:8.0.0:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / redash

Package

Name
redash
Purl
pkg:bitnami/redash

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected ranges

Type
SEMVER
Events
Introduced
8.0.0
Last affected
8.0.0