CVE-2013-7458Sensitive Information Exposure in Redis

CWE-200Sensitive Information ExposureCWE-732Incorrect Permission Assignment9 documents7 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 93.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
RedisRedislabs RedisDebian Linux
Timeline
PublishedAug 10
Latest updateMay 14

Description

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

Debianredis/redis< 2:3.2.1-4+3
NVDredislabs/redis3.2.2

Also affects: Debian Linux 8.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-gfx7-7mf7-vcxx: linenoise, as used in Redis before 32022-05-14
CVEList
CVE-2013-7458: linenoise, as used in Redis before 32016-08-10
OSV
CVE-2013-7458: linenoise, as used in Redis before 32016-08-10

📋Vendor Advisories

2
Red Hat
redis: world-readable ~/.rediscli_history2016-07-28
Debian
CVE-2013-7458: redis - linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .r...2013

💬Community

3
Bugzilla
CVE-2013-7458 redis: world-readable ~/.rediscli_history [fedora-all]2016-08-03
Bugzilla
CVE-2013-7458 redis: world-readable ~/.rediscli_history2016-08-03
Bugzilla
CVE-2013-7458 redis: world-readable ~/.rediscli_history [epel-all]2016-08-03
CVE-2013-7458 — Sensitive Information Exposure in Redis | cvebase