BIT-redis-2023-41053

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/redis/BIT-redis-2023-41053.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-redis-2023-41053
Aliases
Published
2024-03-06T11:03:44.599Z
Modified
2025-01-14T12:12:02.933690Z
Summary
[none]
Details

Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific 
{
    "cpes": [
        "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:redis:redis:7.2.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:redis:redis:7.2.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:redis:redis:7.2.0:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:redis:redis:7.2.0:rc3:*:*:*:*:*:*"
    ],
    "severity": "Low"
}
References

Affected packages

Bitnami / redis

Package

Name
redis
Purl
pkg:bitnami/redis

Severity

  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
7.0.0
Fixed
7.0.13
Type
SEMVER
Events
Introduced
7.2.0
Last affected
7.2.0
Introduced
7.2.0-rc1
Last affected
7.2.0-rc1
Introduced
7.2.0-rc2
Last affected
7.2.0-rc2
Introduced
7.2.0-rc3
Last affected
7.2.0-rc3