PT-2020-13229 · Redash · Redash
0Xbadca7 · Published 2020-06-11 · Updated 2024-03-06 · CVE-2020-12725
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Redash open-source versions 8.0.0 and prior
Description: An authenticated Server-Side Request Forgery (SSRF) was discovered via the JSON data source. The issue lets an authenticated user shape the outbound HTTP request freely, including adding arbitrary headers and choosing any HTTP verb. Other connectors are possibly affected as well.
Recommendations: For Redash open-source versions 8.0.0 and prior, consider disabling the JSON data source as a temporary workaround until a patch is available. Restrict access to potentially vulnerable connectors to minimize the risk of exploitation.
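Beyond disabling the connector, the durable fix for this class of issue is to constrain what a user-configurable data source may ask the server to fetch. The following is an added illustration of such a guard, written for this page and not Redash's own code: it is a hypothetical `validate_request` helper that applies scheme, port, method and header allowlists and rejects any destination that resolves to a loopback, private, link-local or otherwise non-public address. The `sample_resolver` table and its hostnames are constructed; a real deployment would use `default_resolver` (or pin the resolved addresses for the actual connection, so the check and the fetch cannot disagree).

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed policy for a hypothetical user-configurable HTTP data source.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}
ALLOWED_METHODS = {"GET", "POST"}
# Request headers a user may set; anything else (Host, X-Forwarded-*, ...) is refused.
ALLOWED_HEADERS = {"accept", "content-type", "authorization", "user-agent"}


def is_public_ip(ip_text):
    """True only for globally routable unicast addresses.

    Rejects loopback, RFC 1918, link-local (including 169.254.169.254),
    multicast and reserved ranges. IPv4-mapped IPv6 is unwrapped first so
    ::ffff:10.0.0.1 is judged as 10.0.0.1.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def default_resolver(host):
    """Resolve host to every A/AAAA address it has (all must pass the check)."""
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


def sample_resolver(host):
    """Constructed DNS table used for the offline demo and tests."""
    table = {
        "data.example.com": ["93.184.216.34"],            # constructed public address
        "intranet.example.com": ["10.0.0.5"],             # internal only
        "mixed.example.com": ["93.184.216.34", "10.0.0.5"],  # one public, one internal
    }
    return table[host]


def validate_request(method, url, headers, resolver=default_resolver):
    """Return (True, 'ok') if the request may be sent, else (False, reason)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:
        return False, "malformed port"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed: %d" % port
    if method.upper() not in ALLOWED_METHODS:
        return False, "method not allowed: %s" % method
    for name in headers:
        if name.lower() not in ALLOWED_HEADERS:
            return False, "header not allowed: %s" % name
    # A literal IP needs no lookup; a hostname must resolve to public addresses only.
    try:
        ipaddress.ip_address(host)
        addresses = [host]
    except ValueError:
        try:
            addresses = resolver(host)
        except (KeyError, OSError) as exc:
            return False, "resolution failed: %s" % exc
    if not addresses:
        return False, "host did not resolve"
    for addr in addresses:
        if not is_public_ip(addr):
            return False, "destination %s is not a public address" % addr
    return True, "ok"


if __name__ == "__main__":
    for req in [
        ("GET", "https://data.example.com/api", {"Accept": "application/json"}),
        ("GET", "http://169.254.169.254/latest/meta-data/", {}),
        ("DELETE", "https://data.example.com/api", {}),
        ("GET", "https://mixed.example.com/", {}),
    ]:
        print(req[0], req[1], "->", validate_request(*req, resolver=sample_resolver))
```

Two design points matter here. Every resolved address is checked, not just the first, so a name that answers with one public and one internal address is refused rather than left to the resolver's ordering. And the header allowlist is deliberately small: the advisory's point that the attacker controls headers and verbs is what turns a plain fetch into a tool for reaching internal services, so the guard treats both as policy, not as free-form user input.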

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers: BIT-REDASH-2020-12725, CVE-2020-12725

Affected Products: Redash