FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- sensitive information leak through command history file

Affected packages
redis < 3.2.3
redis-devel < 3.2.3

Details

VuXML ID fa175f30-8c75-11e6-924a-60a44ce6887b
Discovery 2013-11-30
Entry 2016-10-11

Redis team reports:

The redis-cli history file (in linenoise) is created with the default OS umask value which makes it world readable in most systems and could potentially expose authentication credentials to other users.

[source]

References

CVE Name CVE-2013-7458
URL https://github.com/antirez/redis/issues/3284
URL https://github.com/antirez/redis/pull/1418

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.