ALT-PU-2016-2249-1
Closed vulnerabilities
Published: 2016-08-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2013-7458
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
Severity: LOW (3.3)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References:
- openSUSE-SU-2016:1980
- openSUSE-SU-2016:1980
- openSUSE-SU-2016:1981
- openSUSE-SU-2016:1981
- DSA-3634
- DSA-3634
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460
- https://github.com/antirez/linenoise/issues/121
- https://github.com/antirez/linenoise/issues/121
- https://github.com/antirez/linenoise/pull/122
- https://github.com/antirez/linenoise/pull/122
- https://github.com/antirez/redis/blob/3.2/00-RELEASENOTES
- https://github.com/antirez/redis/blob/3.2/00-RELEASENOTES
- https://github.com/antirez/redis/issues/3284
- https://github.com/antirez/redis/issues/3284
- https://github.com/antirez/redis/pull/1418
- https://github.com/antirez/redis/pull/1418
- https://github.com/antirez/redis/pull/3322
- https://github.com/antirez/redis/pull/3322