How severe is CVE-2023-45145?

This vulnerability has a severity rating of LOW with a CVSS score of 3.6 out of 10.

What type of vulnerability is CVE-2023-45145?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2023-45145 - LOW Severity | CVSS 3.6

Vulnerability Description

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.

Related Vulnerabilities

CVE-2021-39212

LOW

CVSS:3.6(Low)

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected ver...

CWE-6682021

CVE-2020-27601

LOW

CVSS:3.5(Low)

In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.

CWE-6682020

CVE-2017-8418

LOW

CVSS:3.3(Low)

RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.

CWE-6682017

CVE-2019-8934

LOW

CVSS:3.3(Low)

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

CWE-6682019

CVE-2021-22468

LOW

CVSS:3.3(Low)

A component of the HarmonyOS has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage.

CWE-6682021

CVE-2021-26309

LOW

CVSS:3.3(Low)

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.

CWE-6682021