CVE-2013-7458

Published: Aug 10, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/antirez/redis/pull/3322

x_refsource_CONFIRM

openSUSE-SU-2016:1981

vendor-advisory

x_refsource_SUSE

https://github.com/antirez/redis/pull/1418

x_refsource_CONFIRM

https://github.com/antirez/redis/blob/3.2/00-RELEASENOTES

x_refsource_CONFIRM

openSUSE-SU-2016:1980

vendor-advisory

x_refsource_SUSE

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460

x_refsource_CONFIRM

https://github.com/antirez/linenoise/issues/121

x_refsource_CONFIRM

https://github.com/antirez/linenoise/pull/122

x_refsource_CONFIRM

DSA-3634

vendor-advisory

x_refsource_DEBIAN

https://github.com/antirez/redis/issues/3284

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2013-7458

Description

Affected Products

References