Lightdash Vulnerability List
Found 5 vulnerabilities related to Lightdash
- CVE-2023-35844: Lightdash Arbitrary File Read POC
  Lightdash is a data analytics platform that brings data teams and other business units together to make better data-driven decisions. Lightdash versions before 0.510.3 contain a security vulnerability. An attacker can exploit it to access files and directories stored outside the web root folder. Fofa: title=="Lightdash"
- CVE-2023-35844: Lightdash version <= 0.510.3 Arbitrary File Read POC
  packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
- CVE-2024-6586: Lightdash v0.1024.6 - Server-Side Request Forgery POC
  Server-Side Request Forgery (“SSRF”) in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP requests to an external domain that contain the exporting user’s session cookie. The cookie could be stolen by a threat actor and used to hijack application user sessions.
- Lightdash CVE-2023-35844 Arbitrary File Read Vulnerability No POC
- Lightdash Path Traversal Vulnerability (CVE-2023-35844) No POC
  Lightdash is an open-source BI system for fast-moving development teams; at the time the vulnerability was recorded it had 2.6k+ stars on GitHub. Versions <= 0.506.4 are vulnerable to path traversal attacks, which allow an attacker to access arbitrary files on the server.