{"uuid": "85c9d6a6-81fd-476c-87a4-7c03fb8d4253", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41192", "type": "published-proof-of-concept", "source": "https://t.me/m1swarr1or/52", "content": "Redash Exploiting (CVE-2021-41192)\n\nRedash is a package for data visualization and sharing. \nIf an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.\n\nhttps://ian.sh/redash\n\n#redash #cve #research", "creation_timestamp": "2022-01-07T09:08:06.000000Z"}