Goby/json/Redash-10.0.0-default-SECRE...


{
  "Name": "Redash 10.0.0 default SECRET_KEY (CVE-2021-41192)",
  "Description": "<p>Redash is a set of data integration and analysis solutions from the Israeli company Redash. The product supports data integration, data visualization, query editing, and data sharing.</p><p>Redash 10.0.0 and earlier versions have a default SECRET_KEY, and attackers can forge sessions to reset passwords and obtain sensitive information.</p>",
  "Product": "Redash",
  "Homepage": "https://github.com/getredash/redash",
  "DisclosureDate": "2022-01-04",
  "Author": "1291904552@qq.com",
  "FofaQuery": "body=\"redash_icon_small.png\" && body=\"Redash\"",
  "GobyQuery": "body=\"redash_icon_small.png\" && body=\"Redash\"",
  "Level": "2",
  "Impact": "<p>Redash 10.0.0 and earlier versions have a default SECRET_KEY, and attackers can forge sessions to reset passwords and obtain sensitive information.</p>",
  "Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://github.com/getredash/redash/security/advisories/GHSA-fcpv-hgq6-87h7\">https://github.com/getredash/redash/security/advisories/GHSA-fcpv-hgq6-87h7</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
  "Translation": {
    "CN": {
      "Name": "Redash 10.0.0 版本默认秘钥漏洞CVE-2021-41192",
      "VulType": ["其他"],
      "Tags": ["其他"],
      "Description": "<p>Redash是以色列Redash公司的一套数据整合分析解决方案。该产品支持数据整合、数据可视化、查询编辑和数据共享等。</p><p>Redash 10.0.0及之前版本存在默认SECRET_KEY攻击者可伪造session来重置密码获取敏感信息等。</p>",
      "Impact": "<p>Redash 10.0.0及之前版本存在默认SECRET_KEY攻击者可伪造session来重置密码获取敏感信息等。</p>",
      "Product": "Redash",
      "Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://github.com/getredash/redash/security/advisories/GHSA-fcpv-hgq6-87h7\">https://github.com/getredash/redash/security/advisories/GHSA-fcpv-hgq6-87h7</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
    },
    "EN": {
      "Name": "Redash 10.0.0 default SECRET_KEY (CVE-2021-41192)",
      "VulType": ["other"],
      "Tags": ["other"],
      "Description": "<p>Redash is a set of data integration and analysis solutions from the Israeli company Redash. The product supports data integration, data visualization, query editing, and data sharing.</p><p>Redash 10.0.0 and earlier versions have a default SECRET_KEY, and attackers can forge sessions to reset passwords and obtain sensitive information.</p>",
      "Impact": "<p>Redash 10.0.0 and earlier versions have a default SECRET_KEY, and attackers can forge sessions to reset passwords and obtain sensitive information.</p>",
      "Product": "Redash",
      "Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://github.com/getredash/redash/security/advisories/GHSA-fcpv-hgq6-87h7\">https://github.com/getredash/redash/security/advisories/GHSA-fcpv-hgq6-87h7</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
    }
  },
  "References": [
    "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202111-2078"
  ],
  "HasExp": true,
  "ExpParams": null,
  "ExpTips": null,
  "ScanSteps": null,
  "Tags": [
    "other"
  ],
  "VulType": [
    "other"
  ],
  "CVEIDs": [
    "CVE-2021-41192"
  ],
  "CVSSScore": "6.5",
  "AttackSurfaces": {
    "Application": null,
    "Support": null,
    "Service": null,
    "System": null,
    "Hardware": null
  },
  "CNNVD": [
    "CNNVD-202111-2078"
  ],
  "CNVD": [
    "CNVD-2021-95240"
  ]
}