Q: Who is affected? (Versions/Components)

👥 **Affected**: **Redash** versions **10.0.0 and earlier**. 📦 **Component**: The session management mechanism relying on `REDASH_COOKIE_SECRET`/`REDASH_SECRET_KEY`.

Q: Is exploitation threshold high? (Auth/Config)

⚡ **Threshold**: **LOW**. 🔑 **Auth**: Requires **Low Privilege** (PR:L) to access the instance initially. ⚙️ **Config**: Exploits **misconfiguration** (missing env vars). No UI interaction needed (UI:N).

Q: Is there a public Exp? (PoC/Wild Exploitation)

🔓 **Public Exp?**: **YES**. 📜 **PoC**: Available via **Nuclei templates** (projectdiscovery) and GitHub advisories. 🌍 **Wild Exp**: High risk due to predictable default secrets.

Q: Is it fixed officially? (Patch/Mitigation)

✅ **Fixed?**: **YES**. 🔧 **Patch**: Official commit `ce60d20` addresses the issue. 📢 **Advisory**: GHSA-g8xr-f424-h2rv confirms the fix.

Q: Is it urgent? (Priority Suggestion)

🔥 **Urgency**: **HIGH**. ⚠️ **Priority**: Critical for any unpatched Redash instance. 📉 **Impact**: High Confidentiality/Integrity impact (C:H, I:H). Fix immediately to prevent session hijacking.

Question 1

What is this vulnerability? (Essence + Consequences)

Accepted Answer

🚨 **Essence**: Redash <=10.0.0 uses **hardcoded default secrets** for session cookies.…

Question 2

Root Cause? (CWE/Flaw)

Accepted Answer

🛡️ **Root Cause**: **CWE-1188** (Insecure Default Initialization of Resource).…

Question 3

Who is affected? (Versions/Components)

Accepted Answer

👥 **Affected**: **Redash** versions **10.0.0 and earlier**.
📦 **Component**: The session management mechanism relying on `REDASH_COOKIE_SECRET`/`REDASH_SECRET_KEY`.

Question 4

What can hackers do? (Privileges/Data)

Accepted Answer

🕵️ **Attacker Actions**:
1. **Forge Sessions**: Create valid auth tokens using the default secret.
2. **Full Access**: Bypass login to view/edit dashboards, queries, and sensitive data.
3.…

Question 5

Is exploitation threshold high? (Auth/Config)

Accepted Answer

⚡ **Threshold**: **LOW**.
🔑 **Auth**: Requires **Low Privilege** (PR:L) to access the instance initially.
⚙️ **Config**: Exploits **misconfiguration** (missing env vars). No UI interaction needed (UI:N).

Question 6

Is there a public Exp? (PoC/Wild Exploitation)

Accepted Answer

🔓 **Public Exp?**: **YES**.
📜 **PoC**: Available via **Nuclei templates** (projectdiscovery) and GitHub advisories.
🌍 **Wild Exp**: High risk due to predictable default secrets.

Question 7

How to self-check? (Features/Scanning)

Accepted Answer

🔍 **Self-Check**:
1. Scan for **Nuclei template** `CVE-2021-41192.yaml`.
2. Verify if `REDASH_COOKIE_SECRET` is **customized** in environment variables.
3.…

Question 8

Is it fixed officially? (Patch/Mitigation)

Accepted Answer

✅ **Fixed?**: **YES**.
🔧 **Patch**: Official commit `ce60d20` addresses the issue.
📢 **Advisory**: GHSA-g8xr-f424-h2rv confirms the fix.

Question 9

What if no patch? (Workaround)

Accepted Answer

🚧 **No Patch?**:
1. **Immediately set** `REDASH_COOKIE_SECRET` and `REDASH_SECRET_KEY` to **strong, random values**.
2. **Rotate** all existing sessions/tokens.
3.…

Question 10

Is it urgent? (Priority Suggestion)

Accepted Answer

🔥 **Urgency**: **HIGH**.
⚠️ **Priority**: Critical for any unpatched Redash instance.
📉 **Impact**: High Confidentiality/Integrity impact (C:H, I:H). Fix immediately to prevent session hijacking.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-41192 — AI Deep Analysis Summary

Q1What is this vulnerability? (Essence + Consequences)

Q2Root Cause? (CWE/Flaw)

Q3Who is affected? (Versions/Components)

Q4What can hackers do? (Privileges/Data)

Q5Is exploitation threshold high? (Auth/Config)

Q6Is there a public Exp? (PoC/Wild Exploitation)

Q7How to self-check? (Features/Scanning)

Q8Is it fixed officially? (Patch/Mitigation)

Q9What if no patch? (Workaround)

Q10Is it urgent? (Priority Suggestion)

Continue exploring