CVSS3: 3.3 Low
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS2: 1.7 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N

EPSS: 0.0004 Low
Percentile: 14.4%

Redis is vulnerable to information disclosure. The vulnerability allows an attacker to access keys that they are not authorized to access by using the SORT_RO command. An attacker could exploit this vulnerability by sending a specially crafted SORT_RO command to a vulnerable Redis instance, which could allow the attacker to access sensitive data, such as user passwords or account information.

github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6
github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc
lists.fedoraproject.org/archives/list/[email protected]/message/OLBPIUUD273UGRN2WAYHPVUAULY36QVL/
lists.fedoraproject.org/archives/list/[email protected]/message/UA4MSJ623BH6HP5UHSJD2FOTN3QM5DQS/
lists.fedoraproject.org/archives/list/[email protected]/message/YLYNYT52EHR63E7L7SHRTHEPUMAFFDLX/
security-tracker.debian.org/tracker/CVE-2023-41053