CVE-2021-43777 : Redash is a package for data visualization and sharing. In Redash version 10.0 a

Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the `master` and `release/10.x.x` branches addresses this by replacing `Flask-Oauthlib` with `Authlib` which automatically provides and validates a CSRF token for the state variable. The new implementation stores the next URL on the user session object. As a workaround, one may disable Google Login to mitigate the vulnerability.

Published 2021-11-24 16:15:14

Updated 2021-11-30 15:39:24

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)Open redirect

Products affected by CVE-2021-43777

Redash » Redash
Versions up to, including, (<=) 10.0.0
cpe:2.3:a:redash:redash:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-43777

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 29 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-43777

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None
6.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N	1.6	5.2	GitHub, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2021-43777

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Assigned by: security-advisories@github.com (Secondary)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-43777

https://github.com/getredash/redash/security/advisories/GHSA-vhc7-w7r8-8m34

Insecure use of state parameter for Google OAuth Login · Advisory · getredash/redash · GitHub
Third Party Advisory
https://github.com/getredash/redash/commit/da696ff7f84787cbf85967460fac52886cbe063e

Merge pull request from GHSA-vhc7-w7r8-8m34 · getredash/redash@da696ff · GitHub
Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2021-43777

Products affected by CVE-2021-43777

Exploit prediction scoring system (EPSS) score for CVE-2021-43777

CVSS scores for CVE-2021-43777

CWE ids for CVE-2021-43777

References for CVE-2021-43777