3.3

CVE-2023-41053

EPSS 0.59%
Published 06.09.2023 21:15:14
Last modified 21.11.2024 08:20:27
Source security-advisories@github.com
Teams watchlist Login
Open Login

Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Redis ≫ Redis Version >= 7.0 < 7.0.13

Redis ≫ Redis Version7.2.0 Update-

Redis ≫ Redis Version7.2.0 Updaterc1

Redis ≫ Redis Version7.2.0 Updaterc2

Redis ≫ Redis Version7.2.0 Updaterc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.59%	0.684

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6

Patch

https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLBPIUUD273UGRN2WAYHPVUAULY36QVL/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA4MSJ623BH6HP5UHSJD2FOTN3QM5DQS/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLYNYT52EHR63E7L7SHRTHEPUMAFFDLX/

https://nvd.nist.gov/vuln/detail/CVE-2023-41053

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-41053

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-41053

EUVD