12 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-41053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this...
Advisory ROSA-SA-2024-2452
software: redis 7.0.14; OS: ROSA-CHROME; packageevrstring: redis-7.0.14-1; CVE-ID: CVE-2023-41053; BDU-ID: 2023-05475; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the Redis database management system is related to insecure privilege management. Exploitation of the vulnerability could allow an...
openSUSE: Security Advisory for redis7 (SUSE-SU-2023:3711-1)
The remote host is missing an update for the...
CVE-2023-41053
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-08 03:41:29+00:00 | seen | https://t.me/ctinow/181140... |
Fedora 39 : redis (2023-5a7cc198c2)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5a7cc198c2 advisory. Redis 7.2.1 Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes CVE-2023-41053 Redis does not...
SUSE SLES15 / openSUSE 15 Security Update : redis7 (SUSE-SU-2023:3711-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3711-1 advisory. - CVE-2023-41053: Fixed SORT_RO may bypass ACL configuration (bsc#1215094). Tenable has extracted the preceding description block...
SUSE-SU-2023:3711-1 Security update for redis7
This update for redis7 fixes the following issues: - CVE-2023-41053: Fixed SORT_RO may bypass ACL configuration (bsc#1215094)...
Fedora 38 : redis (2023-03422cb8de)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-03422cb8de advisory. Redis 7.0.13 Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes CVE-2023-41053 Redis does not...
Fedora 37 : redis (2023-0e9e7544df)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0e9e7544df advisory. Redis 7.0.13 Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes CVE-2023-41053 Redis does not...
FreeBSD : redis -- Possible bypassing ACL configuration (6c72b13f-4d1d-11ee-a7f1-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6c72b13f-4d1d-11ee-a7f1-080027f5fec9 advisory. - Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed...
CVE-2023-41053 vulnerabilities
Vulnerabilities for packages: redis...
CVE-2023-41053
CVE-2023-41053 affects Redis 7.0+ where SORT_RO can bypass ACL checks, potentially exposing keys not authorized by the ACL. The root cause is improper key identification for SORT_RO, enabling access to non-permitted keys under existing ACLs. Documented impact is an ACL bypass with local access re...