Redash Exploiting (CVE-2021-41192)
Redash is a package for data visualization and sharing.
If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the
https://ian.sh/redash
#redash #cve #research
Redash is a package for data visualization and sharing.
If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the
REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.https://ian.sh/redash
#redash #cve #research