Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2023-41053

Published: September 6, 2023Last modified: September 7, 2023

Description

Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity score breakdown

ParameterValue
Base score3.3
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityLOW
Integrity impactNONE
Availability impactNONE
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSredisFixed (7.0.13-r0)
StreamredisFixed (7.2.1-r0)

References

Published BELL-SAs

ON THIS PAGE