Описание
Redash 8.0.0 is affected by LDAP Injection. There is an authentication bypass and information leak through the crafting of special queries, escaping the provided template because the ldap_user = auth_ldap_user(request.form["email"], request.form["password"]) auth_ldap_user(username, password) settings.LDAP_SEARCH_TEMPLATE % {"username": username} code lacks sanitization.
Redash 8.0.0 is affected by LDAP Injection. There is an authentication bypass and information leak through the crafting of special queries, escaping the provided template because the ldap_user = auth_ldap_user(request.form["email"], request.form["password"]) auth_ldap_user(username, password) settings.LDAP_SEARCH_TEMPLATE % {"username": username} code lacks sanitization.
Связанные уязвимости
Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.