Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-7458

Опубликовано: 28 июл. 2016
Источник: redhat
CVSS3: 2.9
CVSS2: 1.2
EPSS Низкий

Описание

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

A permissions flaw was found in Redis, where redis-cli stores its history in ~/.rediscli_history. The file is created with permissions 0644, which could lead to the exposure of sensitive data for users with world-readable home directories.

Отчет

Red Hat Product Security has rated this issue as having security impact of Low. Further, home directories are not world readable on RHEL distributions (by default). This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)redisWill not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)redisWill not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational ToolsredisWill not fix
Red Hat OpenStack Platform 10 (Newton)redisWill not fix
Red Hat OpenStack Platform 8 (Liberty)redisWill not fix
Red Hat OpenStack Platform 8 (Liberty) Operational ToolsredisWill not fix
Red Hat OpenStack Platform 9 (Mitaka)redisWill not fix
Red Hat OpenStack Platform 9 (Mitaka) Operational ToolsredisWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-732
https://bugzilla.redhat.com/show_bug.cgi?id=1363670redis: world-readable ~/.rediscli_history

EPSS

Процентиль: 9%
0.00031
Низкий

2.9 Low

CVSS3

1.2 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-7458

CVSS3: 3.3
ubuntu
больше 9 лет назад

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

nvd логотип

CVE-2013-7458

CVSS3: 3.3
nvd
больше 9 лет назад

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

debian логотип

CVE-2013-7458

CVSS3: 3.3
debian
больше 9 лет назад

linenoise, as used in Redis before 3.2.3, uses world-readable permissi ...

github логотип

GHSA-gfx7-7mf7-vcxx

CVSS3: 3.3
github
больше 3 лет назад

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

suse-cvrf логотип

SUSE-OU-2020:3291-1

suse-cvrf
около 5 лет назад

Optional update for python-redis and redis

EPSS

Процентиль: 9%
0.00031
Низкий

2.9 Low

CVSS3

1.2 Low

CVSS2