CVE-2023-45145

Summary

CVE-2023-45145 is a vulnerability in Redis, an in-memory database that persists on disk. This vulnerability affects Redis versions 2.6.0-RC1 and onwards, impacting a wide range of products. The vulnerability occurs when Redis starts listening on a Unix socket and adjusts its permissions based on user configuration, creating a race condition that allows an unauthorized connection for a short period of time. To remediate this issue, users are advised to upgrade to Redis versions 7.2.2, 7.0.14, or 6.2.14. If upgrading is not possible, users can disable Unix sockets, start Redis with a restrictive umask, or store the Unix socket file in a protected directory. The potential danger of this vulnerability lies in the unauthorized access it enables during the race condition period, which could lead to unauthorized data access or other malicious activities within an organization's systems and networks. Note: The above summary is constructed using the provided information without additional external sources as it contains sufficient details to create an informative report.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.