CVE-2023-41053

Published: 06/09/2023 Updated: 16/09/2023
CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vulnerable Product

redis redis 7.2.0

redis redis

Vendor Advisories

Debian Bug report logs - #1051512 redis: CVE-2023-41053 Package: src:redis; Maintainer for src:redis is Chris Lamb <lamby@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 8 Sep 2023 21:03:04 UTC Severity: important Tags: security, upstream Found in version redis/5:7012-2 Fixed in vers ...
Description: The MITRE CVE dictionary describes this issue as: Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer an ...