PT-2023-4954 · Redis+6
Yangbodong22011 · Published 2023-09-06 · Updated 2026-05-18
CVE-2023-41053
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Redis versions 7.0 through 7.0.12
Redis versions 7.2 through 7.2.0
Description
The issue is related to insecure privilege management in Redis, an in-memory database that persists on disk. Redis does not correctly identify the keys accessed by the SORT_RO command, potentially granting users access to keys not explicitly authorized by the ACL configuration.
Recommendations
For Redis versions 7.0 through 7.0.12, upgrade to version 7.0.13.
For Redis versions 7.2 through 7.2.0, upgrade to version 7.2.1.
As a temporary workaround, consider restricting access to the SORT_RO command until a patch is available.
Weakness Enumeration
Improper Privilege Management
Related identifiers
Affected products
Alt Linux
Almalinux
Astra Linux
Red Hat
Red Os
Redis
Suse