PT-2023-4954 · Redis+6

Yangbodong22011 · Published 2023-09-06 · Updated 2026-05-18 · CVE-2023-41053

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Redis versions 7.0 through 7.0.12
Redis versions 7.2 through 7.2.0

Description

The issue is related to insecure privilege management in Redis, an in-memory database that persists on disk. Redis does not correctly identify keys accessed by the SORT_RO command, potentially granting users access to keys not explicitly authorized by the ACL configuration.

Recommendations

For Redis versions 7.0 through 7.0.12, upgrade to version 7.0.13.
For Redis versions 7.2 through 7.2.0, upgrade to version 7.2.1.
As a temporary workaround, consider restricting access to the SORT_RO command until a patch is available.

Exploit

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

ALSA-2024:10869
ALT-PU-2023-6422
ALT-PU-2025-11673
ALT-PU-2025-13204
BDU:2023-05475
BIT-KEYDB-2023-41053
BIT-REDIS-2023-41053
BIT-VALKEY-2023-41053
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-BX37171
CLEANSTART-2026-CJ12020
CLEANSTART-2026-CU71831
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-FR00621
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-JU65303
CLEANSTART-2026-LU31244
CLEANSTART-2026-MJ64494
CLEANSTART-2026-MZ27698
CLEANSTART-2026-NG71279
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-RF40424
CLEANSTART-2026-SG88217
CLEANSTART-2026-UA95882
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CVE-2023-41053
DSA-5610-1
GHSA-Q4JR-5P56-4XWC
INFSA-2024_10869
OPENSUSE-SU-2023_3711-1
OPENSUSE-SU-2024:13354-1
RHSA-2024:10869
RHSA-2024_10869
ROSA-SA-2024-2452
SUSE-SU-2023:3711-1
SUSE-SU-2023_3711-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Red Hat
Red Os
Redis
Suse