Authenticated Server-Side Request Forgery Vulnerability in Redash Open Source Data Visualization Tool
CVE-2020-12725

7.2HIGH

Key Information:

Vendor

Redash

Status
Redash
Vendor
CVE Published:
11 June 2020

What is CVE-2020-12725?

Havoc Research identified an authenticated Server-Side Request Forgery (SSRF) in the JSON data source of Redash, an open-source data visualization tool. This vulnerability affects Redash versions 8.0.0 and earlier, allowing attackers to manipulate HTTP requests by adding custom headers and choosing any HTTP method. As a result, this SSRF could potentially lead to unauthorized access to internal services and sensitive data. It is essential to review and update your Redash installation to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://blog.redash.io
x_refsource_MISC
https://github.com/getredash/redash/commits/master
x_refsource_MISC
https://github.com/getredash/redash/issues/4869
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.