Authenticated Server-Side Request Forgery (SSRF) Vulnerability in Redash Open-Source 8.0.0 and Prior

CVE-2020-12725 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Other connectors may also be affected. The SSRF is potent: an authenticated user has considerable control over the server-side HTTP request, including adding headers and selecting any HTTP verb.
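The defensive control this class of bug calls for is validation of the outbound URL before a connector fetches it. The following is an added illustration, not Redash's code and not the vendor's fix for CVE-2020-12725: a validator (`validate_outbound_url`, a name chosen here) that restricts the scheme and HTTP method, refuses credentials embedded in the URL, resolves the hostname and rejects any resolved address in loopback, link-local, private or IPv4-mapped ranges. The blocked-range table and the allowed method set are assumptions about what a JSON-style connector needs, and the `resolver` parameter exists so the check can be exercised offline with constructed DNS answers.

```python
"""Outbound-URL validation for a user-configurable data source.

Added illustration (assumed design, not Redash code). A connector that
fetches a user-supplied URL should refuse targets on loopback, link-local
or private networks and should limit schemes and verbs. Hostnames are
resolved and every returned address is checked, because a public-looking
name can resolve to an internal address.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Assumption: a JSON data source only ever needs these verbs.
ALLOWED_METHODS = {"GET", "POST"}

# Constructed table of ranges a server-side fetch must never reach.
BLOCKED_NETWORKS = [
    ipaddress.ip_network(n)
    for n in (
        "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
        "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
        "::1/128", "fc00::/7", "fe80::/10",
    )
]


class UnsafeURL(ValueError):
    """Raised when a URL must not be fetched server-side."""


def is_blocked_address(addr: str) -> bool:
    """True if the literal address falls in a blocked range.

    IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are unwrapped first so
    they cannot be used to slip an IPv4 internal address past the table.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def resolve_all(host: str) -> list:
    """Resolve a hostname (or IP literal) to every address it maps to."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror as exc:
        raise UnsafeURL(f"cannot resolve {host!r}") from exc
    return sorted({info[4][0] for info in infos})


def validate_outbound_url(url: str, method: str = "GET", resolver=resolve_all):
    """Return (hostname, [addresses]) if the fetch is acceptable, else raise.

    `resolver` is injectable so callers (and tests) can supply constructed
    DNS answers instead of touching the network.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme {scheme!r} not allowed")
    if method.upper() not in ALLOWED_METHODS:
        raise UnsafeURL(f"method {method!r} not allowed")
    if not parts.hostname:
        raise UnsafeURL("URL has no host")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials embedded in URL are not allowed")
    addresses = resolver(parts.hostname)
    if not addresses:
        raise UnsafeURL(f"{parts.hostname!r} resolved to nothing")
    for addr in addresses:
        if is_blocked_address(addr):
            raise UnsafeURL(f"{parts.hostname!r} resolves to blocked address {addr}")
    return parts.hostname, addresses


def is_safe_outbound_url(url: str, method: str = "GET", resolver=resolve_all) -> bool:
    """Boolean convenience wrapper around validate_outbound_url."""
    try:
        validate_outbound_url(url, method, resolver)
    except UnsafeURL:
        return False
    return True
```

Two caveats belong with a check like this. Validation that resolves a name once and then lets an HTTP library resolve it again is open to a change in DNS answers between the two lookups, so the fetch should connect to an address the validator returned rather than re-resolving. Redirects are a second entry point: each `Location` target must go through the same validation before it is followed.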