FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- Possible bypassing ACL configuration

Affected packages
7.0.0 <= redis < 7.0.13
7.2.0 <= redis < 7.2.1
redis-devel < 7.2.0.20230831
7.0.0 <= redis70 < 7.0.13

Details

VuXML ID 6c72b13f-4d1d-11ee-a7f1-080027f5fec9
Discovery 2023-09-06
Entry 2023-09-07

yangbodong22011 reports:

Redis does not correctly identify keys accessed by SORT_RO and, as a result, may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration.

[source]

References

CVE Name CVE-2023-41053
URL https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.