CVE-2013-7458

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
debianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
redislabsredis
𝑥
≤ 3.2.2
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
redis
bullseye
5:6.0.16-1+deb11u2
fixed
bullseye (security)
5:6.0.16-1+deb11u3
fixed
bookworm
5:7.0.15-1~deb12u1
fixed
bookworm (security)
5:7.0.15-1~deb12u1
fixed
sid
5:7.0.15-2
fixed
trixie
5:7.0.15-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
redis
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
Fixed 2:3.0.6-1ubuntu0.2
released
wily
ignored
trusty
Fixed 2:2.8.4-2ubuntu0.2
released
precise
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2016-08/msg00029.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00030.html
http://www.debian.org/security/2016/dsa-3634
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460
https://github.com/antirez/linenoise/issues/121
https://github.com/antirez/linenoise/pull/122
https://github.com/antirez/redis/blob/3.2/00-RELEASENOTES
https://github.com/antirez/redis/issues/3284
https://github.com/antirez/redis/pull/1418
https://github.com/antirez/redis/pull/3322
http://lists.opensuse.org/opensuse-updates/2016-08/msg00029.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00030.html
http://www.debian.org/security/2016/dsa-3634
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460
https://github.com/antirez/linenoise/issues/121
https://github.com/antirez/linenoise/pull/122
https://github.com/antirez/redis/blob/3.2/00-RELEASENOTES
https://github.com/antirez/redis/issues/3284
https://github.com/antirez/redis/pull/1418
https://github.com/antirez/redis/pull/3322