BIT-redash-2020-36144

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/redash/BIT-redash-2020-36144.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-redash-2020-36144

Aliases

CVE-2020-36144

Published

2024-03-06T11:03:38.798Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.

Database specific

{
    "cpes": [
        "cpe:2.3:a:redash:redash:8.0.0:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://github.com/getredash/redash/issues/5426
https://github.com/getredash/redash/releases

Affected packages

Bitnami / redash

Package

Name: redash
Purl: pkg:bitnami/redash

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.0.0

Last affected

8.0.0