Getredash Redash vulnerabilities
3 known vulnerabilities affecting getredash/redash.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2021-41192 | Priority P3 | MEDIUM | CVSS 6.5 | PoC available | Affects ≤ 10.0.0 | Published 2021-11-24
CWE-1188 (Initialization of a Resource with an Insecure Default)
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being a
Source: NVD
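Why a secret shared across every installation is a full authentication bypass, and what a startup guard against it looks like. This is an added example, not Redash's own code: the cookie format is a simplified HMAC-SHA256 scheme rather than Flask's real session serializer, `HYPOTHETICAL_SHIPPED_DEFAULT` is a placeholder standing in for whatever value a settings file ships (the real default is deliberately not reproduced), and `check_secret`/`load_secret` are hypothetical helpers; only the environment variable names come from the advisory.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Hypothetical stand-in for a value shipped in a settings file. The real
# Redash default is not reproduced here; the point is only that it is the
# same string on every install that never set the variable.
HYPOTHETICAL_SHIPPED_DEFAULT = "shipped-default-cookie-secret-placeholder"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_session(secret: str, payload: dict) -> str:
    """Mint a signed cookie: base64(json) '.' base64(HMAC-SHA256).

    Simplified stand-in for a Flask-style signed session cookie. The wire
    format differs from Flask's, but the trust model is identical: whoever
    knows `secret` can mint any payload the server will accept.
    """
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    tag = hmac.new(secret.encode(), body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"


def verify_session(secret: str, cookie: str):
    """Return the payload if the tag verifies under `secret`, otherwise None."""
    body, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    try:
        given = _unb64(tag)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    expected = hmac.new(secret.encode(), body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return None
    return json.loads(_unb64(body))


def forge_session(shared_default: str, user_id: int) -> str:
    """The attacker's move against any install still on the shared default:
    no credentials needed, just the public default and a target user id."""
    return sign_session(shared_default, {"user_id": user_id})


def check_secret(value, known_defaults=(HYPOTHETICAL_SHIPPED_DEFAULT,)):
    """Return None if `value` is acceptable, otherwise the reason it is not."""
    if not value:
        return "unset"
    if value in known_defaults:
        return "shipped default shared by every installation"
    if len(value) < 32:
        return "too short"
    return None


def load_secret(env: dict, name: str) -> str:
    """Startup guard for REDASH_COOKIE_SECRET / REDASH_SECRET_KEY style settings:
    refuse to boot rather than silently run on a guessable key."""
    reason = check_secret(env.get(name))
    if reason:
        raise RuntimeError(f"{name} rejected: {reason}; set it to secrets.token_hex(32) output")
    return env[name]


def generate_secret() -> str:
    """64 hex characters from the OS CSPRNG, one per variable, never shared."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    forged = forge_session(HYPOTHETICAL_SHIPPED_DEFAULT, 1)
    print("default-secret instance accepts forged cookie:",
          verify_session(HYPOTHETICAL_SHIPPED_DEFAULT, forged))
    print("instance with its own secret rejects it:",
          verify_session(generate_secret(), forged))
    print("startup check on a good value:",
          check_secret(generate_secret()))
```

The guard deliberately fails closed at boot: an operator who forgets the variable gets an error on the console, not a working instance that any visitor can log into as user id 1.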
CVE-2021-43780 | Priority P3 | HIGH | CVSS 8.8 | Affects ≤ 10.0.0 | Published 2021-11-24
CWE-918 (Server-Side Request Forgery)
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of public
Source: NVD
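What screening a URL-loading data source's target has to cover to resist the "advanced" SSRF methods the advisory alludes to: not just a string match on the hostname, but the addresses it actually resolves to, IPv4-mapped IPv6 literals, mixed public/internal DNS answers, and every redirect hop, with the connection pinned to the checked address so the name cannot be rebound between check and use. This is an added example, not Redash's own code. `validate_target`, `fetch_with_redirect_checks` and the `fetch(url, pinned_ips)` callable are hypothetical; `FAKE_DNS` and `FAKE_HTTP` are constructed tables standing in for DNS and an HTTP client so the block runs offline, and the "public" addresses in them are placeholders.

```python
from __future__ import annotations

import ipaddress
import socket
from urllib.parse import urljoin, urlparse

# Blocked beyond what the stdlib flags as private/loopback/link-local:
# carrier-grade NAT space, which some deployments route internally.
EXTRA_BLOCKED = [ipaddress.ip_network("100.64.0.0/10")]
MAX_REDIRECTS = 3


class UnsafeTarget(ValueError):
    pass


def address_is_blocked(ip: str) -> bool:
    """Decide on the resolved address, never on how the URL spelled it."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified
            or any(addr in net for net in EXTRA_BLOCKED))


def system_resolver(host: str) -> list[str]:
    """Default resolver: every address getaddrinfo returns, v4 and v6."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_target(url: str, resolver=system_resolver) -> tuple[str, list[str]]:
    """Parse, resolve and screen one URL; return (hostname, pinned addresses).

    Every resolved address must pass, so a name with a mix of public and
    internal records (a common rebinding setup) is rejected outright.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeTarget(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname or parts.username or parts.password:
        raise UnsafeTarget("missing host, or credentials embedded in URL")
    addrs = resolver(parts.hostname)
    if not addrs:
        raise UnsafeTarget(f"{parts.hostname} does not resolve")
    for ip in addrs:
        if address_is_blocked(ip):
            raise UnsafeTarget(f"{parts.hostname} resolves to {ip}")
    return parts.hostname, addrs


def is_safe_target(url: str, resolver=system_resolver) -> bool:
    try:
        validate_target(url, resolver)
        return True
    except UnsafeTarget:
        return False


def fetch_with_redirect_checks(url: str, fetch, resolver=system_resolver,
                               max_hops: int = MAX_REDIRECTS):
    """Follow redirects by hand so every hop is screened.

    `fetch(url, pinned_ips)` is a hypothetical HTTP call returning
    (status, location_or_body). It must connect to one of `pinned_ips`
    instead of re-resolving the name; that is what closes the window for
    DNS rebinding between validation and the actual connection.
    """
    for _ in range(max_hops + 1):
        _host, ips = validate_target(url, resolver)
        status, value = fetch(url, ips)
        if status in (301, 302, 303, 307, 308):
            url = urljoin(url, value)  # Location may be relative
            continue
        return status, value
    raise UnsafeTarget("too many redirects")


def fetch_or_reason(url: str, fetch, resolver=system_resolver):
    """Same as above but reports a block as ('blocked', reason) for callers."""
    try:
        return fetch_with_redirect_checks(url, fetch, resolver)
    except UnsafeTarget as exc:
        return "blocked", str(exc)


# Constructed lookup table standing in for DNS; none of these are real records.
FAKE_DNS = {
    "data.example.com": ["93.184.216.34"],
    "rebind.example.com": ["93.184.216.35", "10.0.0.5"],  # mixed answers
}


def fake_resolver(host: str) -> list[str]:
    try:
        return [str(ipaddress.ip_address(host))]  # literal address in the URL
    except ValueError:
        return FAKE_DNS.get(host, [])


# Constructed responses: one public URL redirects to the cloud metadata service.
FAKE_HTTP = {
    "http://data.example.com/export.csv": (302, "http://169.254.169.254/latest/meta-data/"),
    "http://data.example.com/ok.csv": (200, "id,value\n1,42\n"),
}


def fake_fetch(url: str, pinned_ips: list[str]):
    return FAKE_HTTP.get(url, (404, ""))


if __name__ == "__main__":
    print(fetch_or_reason("http://data.example.com/ok.csv", fake_fetch, fake_resolver))
    print(fetch_or_reason("http://data.example.com/export.csv", fake_fetch, fake_resolver))
```

Two details carry most of the weight: the check runs on resolved addresses rather than the hostname string (so decimal, octal, bracketed-IPv6 and mapped-address spellings of 127.0.0.1 all land on the same verdict), and a client that honoured redirects on its own would never give the validator a chance to see the second hop.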
CVE-2021-43777 | Priority P4 | MEDIUM | CVSS 6.1 | Affects ≤ 10.0 | Published 2021-11-24
CWE-352 (Cross-Site Request Forgery)
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted
Source: NVD
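The two halves of the OAuth login flow, first in the shape the advisory describes (`state` carries the post-login URL, so nothing unpredictable ties the callback to a login this browser started) and then with `state` as a per-login random token bound to the server-side session, with the post-login URL stored separately and restricted to same-origin paths. This is an added example, not Redash's own code: the `session` dict, the `begin_login`/`finish_login` functions, `AUTHORIZE_URL`, the client id and redirect URI are all hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse

# Hypothetical endpoint and client settings; only the flow matters here.
AUTHORIZE_URL = "https://accounts.google.com/o/oauth2/v2/auth"
CLIENT_ID = "client-id-placeholder"
REDIRECT_URI = "https://redash.example/oauth/callback"


class StateMismatch(Exception):
    pass


def vulnerable_begin_login(next_url: str) -> str:
    """Pre-fix pattern: state is just the redirect target, predictable by anyone."""
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": "openid email", "state": next_url,
    })


def vulnerable_finish_login(callback_params: dict) -> str:
    """Pre-fix pattern: nothing checks that this browser started the login, and
    whatever came back in `state` decides where the user lands."""
    return callback_params.get("state", "/")


def safe_next_url(candidate, default: str = "/") -> str:
    """Accept only same-origin absolute paths; anything else falls back."""
    if not candidate:
        return default
    parts = urlparse(candidate)
    if parts.scheme or parts.netloc:          # https://evil.example, //evil.example
        return default
    if not candidate.startswith("/") or candidate.startswith(("//", "/\\")):
        return default
    return candidate


def begin_login(session: dict, next_url) -> str:
    """Fixed pattern: fresh random state per login, bound to this session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    session["next_url"] = safe_next_url(next_url)  # kept server-side, not in state
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": "openid email", "state": state,
    })


def finish_login(session: dict, callback_params: dict) -> str:
    """Fixed pattern: the callback is honoured only if its state matches the one
    this session issued; the token is single-use. Returns the redirect target."""
    expected = session.pop("oauth_state", None)
    received = callback_params.get("state", "")
    if not expected or not hmac.compare_digest(expected, received):
        raise StateMismatch("state missing or not issued to this session")
    return session.pop("next_url", "/")


def login_accepted(session: dict, callback_params: dict) -> bool:
    try:
        finish_login(session, callback_params)
        return True
    except StateMismatch:
        return False


if __name__ == "__main__":
    # Constructed walk-through: victim starts a login, attacker replays a callback.
    victim = {}
    print(begin_login(victim, "/dashboards/1"))
    print("forged callback accepted:",
          login_accepted(dict(victim), {"state": "/dashboards/1", "code": "attacker-code"}))
    print("genuine callback lands on:",
          finish_login(victim, {"state": victim["oauth_state"], "code": "real-code"}))
```

The vulnerable pair is kept to make the contrast concrete: with `state` equal to the next URL, an attacker can guess it and drive a victim's browser through a callback carrying the attacker's authorization code, which is the login-CSRF case CWE-352 covers here. In the fixed pair the token is 256 bits from the OS CSPRNG, compared in constant time, consumed on first use, and the redirect target never leaves the server.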