Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
History

Thu, 26 Sep 2024 16:30:00 +0000

Type: Metrics

Values Removed: (none)

Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-09-06T20:22:30.797Z

Updated: 2024-09-26T15:12:37.194Z

Reserved: 2023-08-22T16:57:23.933Z

Link: CVE-2023-41053

Vulnrichment

Updated: 2024-08-02T18:46:11.704Z

NVD

Status: Modified

Published: 2023-09-06T21:15:14.137

Modified: 2024-11-21T08:20:27.997

Link: CVE-2023-41053

Redhat

Severity: Low

Public Date: 2023-09-06T00:00:00Z

Links: CVE-2023-41053 - Bugzilla