Published: 10/08/2016 Updated: 08/08/2018

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

linenoise, as used in Redis prior to 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redislabs redis
debian debian linux 8.0

Debian Bug report logs - #832460 redis: CVE-2013-7458: world-readable rediscli_history file Package: redis-tools; Maintainer for redis-tools is Chris Lamb <lamby@debianorg>; Source for redis-tools is src:redis (PTS, buildd, popcon) Reported by: kpcyrd <kpcyrd@rxvcc> Date: Mon, 25 Jul 2016 19:51:02 UTC Severity: g ...

CWE-200 https://github.com/antirez/redis/issues/3284 https://github.com/antirez/redis/pull/3322 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460 https://github.com/antirez/linenoise/pull/122 https://github.com/antirez/linenoise/issues/121 https://github.com/antirez/redis/blob/3.2/00-RELEASENOTES https://github.com/antirez/redis/pull/1418 http://www.debian.org/security/2016/dsa-3634 http://lists.opensuse.org/opensuse-updates/2016-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00029.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-7458

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect