daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated CVE annotations [Sun Feb 27 10:32:13 UTC 2022] 🤖

patch-1
GitHub Action 2022-02-27 10:32:13 +00:00
parent eaed68d629
commit 01064ceeab
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cves/2021/CVE-2021-41192.yaml
View File

@ -3,7 +3,7 @@ id: CVE-2021-41192
info:
name: Redash Setup Configuration - Default secrets
author: bananabr
severity: high
severity: medium
description: If an admin sets up Redash versions <=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.
reference:
- https://hackerone.com/reports/1380121
@ -12,6 +12,11 @@ info:
metadata:
shodan-query: http.favicon.hash:698624197
tags: cve,cve2021,redash,auth-bypass
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
cvss-score: 6.50
cve-id: CVE-2021-41192
cwe-id: CWE-1188
requests:
- method: GET