CVE-2022-24735

Exploit

EPSS 1.95%
Published 27.04.2022 20:15:09
Last modified 21.11.2024 06:50:58
Source security-advisories@github.com
Teams watchlist Login
Open Login

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.

Affected products Warnungen 0 Metrics 4 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Redis ≫ Redis Version < 6.2.7

Redis ≫ Redis Version7.0 Updaterc1

Redis ≫ Redis Version7.0 Updaterc2

Redis ≫ Redis Version7.0 Updaterc3

Fedoraproject ≫ Fedora Version34

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version36

Netapp ≫ Management Services For Element Software Version-

Netapp ≫ Management Services For Netapp Hci Version-

Oracle ≫ Communications Operations Monitor Version4.3

Oracle ≫ Communications Operations Monitor Version4.4

Oracle ≫ Communications Operations Monitor Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.95%	0.827

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
security-advisories@github.com	3.9	1.3	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://www.oracle.com/security-alerts/cpujul2022.html

Patch

Third Party Advisory

https://security.gentoo.org/glsa/202209-17

Third Party Advisory

https://github.com/redis/redis/pull/10651

Third Party Advisory

Exploit

https://github.com/redis/redis/releases/tag/6.2.7

Third Party Advisory

Release Notes

https://github.com/redis/redis/releases/tag/7.0.0