CVE-2013-7458

Published: Aug 10, 2016Modified: May 6, 2026

3.3

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

Affected (2)

Products: Redislabs: Redis · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redislabs Redis	Up to 3.2.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (20)

http://lists.opensuse.org/opensuse-updates/2016-08/msg00029.html

Source: security@debian.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-08/msg00030.html

Source: security@debian.org

Mailing ListThird Party Advisory

http://www.debian.org/security/2016/dsa-3634

Source: security@debian.org

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460

Source: security@debian.org

Mailing ListThird Party Advisory

https://github.com/antirez/linenoise/issues/121

Source: security@debian.org

PatchThird Party Advisory

https://github.com/antirez/linenoise/pull/122

Source: security@debian.org

PatchThird Party Advisory

https://github.com/antirez/redis/blob/3.2/00-RELEASENOTES

Source: security@debian.org

Release Notes

https://github.com/antirez/redis/issues/3284

Source: security@debian.org

PatchThird Party Advisory

https://github.com/antirez/redis/pull/1418

Source: security@debian.org

Issue TrackingPatchThird Party Advisory

https://github.com/antirez/redis/pull/3322

Source: security@debian.org

PatchThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-08/msg00029.html