Alpine: multiple redis packages: security update to 7.0.13-r0

Low | Tenable Self-Hosted Container Security | Plugin ID 425720

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by
`SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly
authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis
7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
(CVE-2023-41053)

See Also

https://security.alpinelinux.org/vuln/CVE-2023-41053

Plugin Details

Severity: Low

ID: 425720

Version: Revision 1.1

Type: Local

Published: 4/18/2025

Updated: 4/18/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 1.2

Percentile: 0.01

CVSS v2

Risk Factor: Low

Base Score: 1.7

Temporal Score: 1.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2023-41053

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/6/2023

Reference Information

CVE: CVE-2023-41053