Description
Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding headers, selecting any HTTP verb, etc.
References
- Vendor Advisory
- Vendor Advisory (Patch)
- Vendor Advisory (Exploit)
Vulnerable configurations
Configuration 1: version up to and including 8.0.0
cpe:2.3:a:redash:redash:*:*:*:*:*:*:*:*
EPSS
Percentile: 73%
Score: 0.00746 (Low)
CVSS3
7.2 High
CVSS2
6.5 Medium
Weaknesses
CWE-918
Related vulnerabilities
github
more than 3 years ago