CVE-2023-28859 - OpenCVE

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutions for CVE-2023-28859 address data leakage across AsyncIO connections in general.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redis	Redis-py

Configuration 1 [-]

OR	cpe:2.3:a:redis:redis-py::::::::
	cpe:2.3:a:redis:redis-py::::::::

References

Link	Resource
https://github.com/redis/redis-py/issues/2665	Issue Tracking Patch Vendor Advisory
https://github.com/redis/redis-py/pull/2641	Issue Tracking Patch
https://github.com/redis/redis-py/pull/2666	Release Notes
https://github.com/redis/redis-py/releases/tag/v4.4.4	Release Notes
https://github.com/redis/redis-py/releases/tag/v4.5.4	Release Notes

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-03-26T00:00:00

Updated: 2023-03-30T21:38:05.900609Z

Reserved: 2023-03-26T00:00:00

Link: CVE-2023-28859

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-03-26T19:15:06.850

Modified: 2023-05-17T17:08:20.883

Link: CVE-2023-28859

JSON object: View

Redhat Information

No data.

CWE

CWE-459

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis-py:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BF5D290-49BC-4C70-B801-9DCE97070663", "versionEndExcluding": "4.4.4", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redis:redis-py:*:*:*:*:*:*:*:*", "matchCriteriaId": "39E01CD5-9AC0-46ED-A952-1EAD9FBFC930", "versionEndExcluding": "4.5.4", "versionStartIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutions for CVE-2023-28859 address data leakage across AsyncIO connections in general."}], "id": "CVE-2023-28859", "lastModified": "2023-05-17T17:08:20.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-26T19:15:06.850", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://github.com/redis/redis-py/issues/2665"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/redis/redis-py/pull/2641"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/redis/redis-py/pull/2666"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/redis/redis-py/releases/tag/v4.4.4"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/redis/redis-py/releases/tag/v4.5.4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-459"}], "source": "nvd@nist.gov", "type": "Primary"}]}