Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-43777

Date: November 23, 2021

Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the "state" parameter to pass the next URL to redirect the user to after login. The "state" parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the "master" and "release/10.x.x" branches addresses this by replacing "Flask-Oauthlib" with "Authlib" which automatically provides and validates a CSRF token for the state variable. The new implementation stores the next URL on the user session object. As a workaround, one may disable Google Login to mitigate the vulnerability.

Language: Python

Severity Score

Related Resources (4)

https://github.com/getredash/redash/commit/da696ff7f84787cbf85967460fac52886cbe063e
https://nvd.nist.gov/vuln/detail/CVE-2021-43777
https://github.com/getredash/redash/security/advisories/GHSA-vhc7-w7r8-8m34
https://www.mend.io/vulnerability-database/CVE-2021-43777

Severity Score

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us