Redash 漏洞列表
共找到 4 个与 Redash 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2021-41192: Redash Setup Configuration - Default Secrets Disclosure POC
Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions <=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. -
CVE-2021-41192: Redash Setup Configuration - Default Secrets Disclosure POC
Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions <=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. -
redash-installer: Redash Installer Exposure POC
Redash is susceptible to the Installation page exposure due to misconfiguration. -
Redash存在重复安装重置密码漏洞(CVE-2021-41192) 无POC
Redash是一个浅析数据查询与可视化工具。该系统小于<=10.0的版本存在重复安装重置密码漏洞