Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-45145

Опубликовано: 18 окт. 2023
Источник: redhat
CVSS3: 3.6
EPSS Низкий

Описание

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.

A flaw was found in Redis, an in-memory database that persists on disk. On startup, Redis listens on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection.

Меры по смягчению последствий

It is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat 3scale API Management Platform 23scale-amp-backend-containerNot affected
Red Hat 3scale API Management Platform 23scale-amp-system-containerNot affected
Red Hat Ansible Automation Platform 1.2ansible-towerNot affected
Red Hat Fuse 7redisNot affected
Red Hat Quay 3quay/quay-rhel8Fix deferred
Red Hat Satellite 6satellite:el8/rubygem-gitlab-sidekiq-fetcherNot affected
Red Hat Satellite 6tfm-rubygem-gitlab-sidekiq-fetcherNot affected
Red Hat Software Collectionsrh-redis6-redisFix deferred
Red Hat Enterprise Linux 8redisFixedRHSA-2025:059522.01.2025
Red Hat Enterprise Linux 9redisFixedRHSA-2024:1086905.12.2024

Показывать по

Дополнительная информация

Статус:

Low
Дефект:
CWE-269
https://bugzilla.redhat.com/show_bug.cgi?id=2244940redis: possible bypass of Unix socket permissions on startup

EPSS

Процентиль: 65%
0.0049
Низкий

3.6 Low

CVSS3

Связанные уязвимости

CVSS3: 3.6
ubuntu
почти 2 года назад

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.

CVSS3: 3.6
nvd
почти 2 года назад

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.

CVSS3: 3.6
debian
почти 2 года назад

Redis is an in-memory database that persists on disk. On startup, Redi ...

suse-cvrf
больше 1 года назад

Security update for redis7

suse-cvrf
почти 2 года назад

Security update for redis

EPSS

Процентиль: 65%
0.0049
Низкий

3.6 Low

CVSS3