CVE-2023-45145

CVSS 3.1 Score 3.6 of 10 (low)

Details

Published Oct 18, 2023
Updated: Jan 21, 2024
CWE ID 668

Summary

CVE-2023-45145 is a vulnerability in Redis, an in-memory database that persists on disk. This vulnerability affects Redis versions 2.6.0-RC1 and onwards, impacting a wide range of products. The vulnerability occurs when Redis starts listening on a Unix socket and adjusts its permissions based on user configuration, creating a race condition that allows an unauthorized connection for a short period of time. To remediate this issue, users are advised to upgrade to Redis versions 7.2.2, 7.0.14, or 6.2.14. If upgrading is not possible, users can disable Unix sockets, start Redis with a restrictive umask, or store the Unix socket file in a protected directory. The potential danger of this vulnerability lies in the unauthorized access it enables during the race condition period, which could lead to unauthorized data access or other malicious activities within an organization's systems and networks.

Note: The above summary is constructed using the provided information without additional external sources as it contains sufficient details to create an informative report.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-45145 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options