CVE-2020-36144
MEDIUMRedash 8.0.0 - LDAP Injection via Username Search Filter
Title source: llmDescription
Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.
References (2)
Core 2
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/getredash/redash/releases
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/getredash/redash/issues/5426
Scores
CVSS v3
5.3
EPSS
0.0093
EPSS Percentile
56.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-74
Status
published
Products (1)
redash/redash
8.0.0
Published
Mar 18, 2021
Tracked Since
Feb 18, 2026