Vulnerability Name: CVE-2022-24735 (CCN-225346)
Assigned: 2022-04-27
Published: 2022-04-27
Updated: 2022-10-07

Summary: Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or a different, script at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged user to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to the `SCRIPT LOAD` and `EVAL` commands using ACL rules.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

3.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
3.4 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): Low; User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low; Integrity (I): Low; Availability (A): None

3.9 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
3.4 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): Low; User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low; Integrity (I): Low; Availability (A): None

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial

3.2 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): None

Vulnerability Type: CWE-94
Vulnerability Consequences: Gain Access

References:

Source: MITRE; Type: CNA; CVE-2022-24735
Source: XF; Type: UNKNOWN; redis-cve202224735-code-exec(225346)
Source: MISC; Type: Exploit, Third Party Advisory; https://github.com/redis/redis/pull/10651
Source: MISC; Type: Release Notes, Third Party Advisory; https://github.com/redis/redis/releases/tag/6.2.7
Source: MISC; Type: Release Notes, Third Party Advisory; https://github.com/redis/redis/releases/tag/7.0.0
Source: CCN; Type: Redis GIT Repository; Lua scripts can be manipulated to overcome ACL rules
Source: CONFIRM; Type: Third Party Advisory; https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq
Source: FEDORA; Type: Mailing List, Third Party Advisory; FEDORA-2022-44373f6778
Source: FEDORA; Type: Mailing List, Third Party Advisory; FEDORA-2022-6ed1ce2838
Source: FEDORA; Type: Mailing List, Third Party Advisory; FEDORA-2022-a0a4c7eb31
Source: GENTOO; Type: Third Party Advisory; GLSA-202209-17
Source: CONFIRM; Type: Third Party Advisory; https://security.netapp.com/advisory/ntap-20220715-0003/
Source: CCN; Type: IBM Security Bulletin 6608610 (DataPower Gateway); IBM DataPower Gateway affected by vulnerabilities in Redis
Source: CCN; Type: IBM Security Bulletin 6825545 (Event Streams); Vulnerabilities in Redis affect IBM Event Streams (CVE-2022-24736, CVE-2022-24735)
Source: CCN; Type: IBM Security Bulletin 6842235 (Spectrum Protect Plus); Vulnerabilities in Redis affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift (CVE-2022-24736, CVE-2022-24735)
Source: CCN; Type: Mend Vulnerability Database; CVE-2022-24735
Source: CCN; Type: Oracle CPUJul2022; Oracle Critical Patch Update Advisory - July 2022
Source: N/A; Type: Patch, Third Party Advisory; N/A

Vulnerable Configuration:

Configuration 1:
cpe:/a:redis:redis:7.0:rc2:*:*:*:*:*:*
OR cpe:/a:redis:redis:7.0:rc3:*:*:*:*:*:*
OR cpe:/a:redis:redis:7.0:rc1:*:*:*:*:*:*
OR cpe:/a:redis:redis:*:*:*:*:*:*:*:* (Version < 6.2.7)

Configuration 2:
cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*
OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*
OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3:
cpe:/a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
OR cpe:/a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*

Configuration 4:
cpe:/a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
OR cpe:/a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
OR cpe:/a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*

Configuration RedHat 1:
cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:
cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:
cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 4:
cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Configuration CCN 1:
cpe:/a:redislabs:redis:6.2.5:*:*:*:*:*:*:*
OR cpe:/a:redislabs:redis:6.0.15:*:*:*:*:*:*:*
OR cpe:/a:redislabs:redis:5.0.13:*:*:*:*:*:*:*
OR cpe:/a:redislabs:redis:6.2.6:*:*:*:*:*:*:*
OR cpe:/a:redislabs:redis:6.0.16:*:*:*:*:*:*:*
OR cpe:/a:redislabs:redis:5.0.14:*:*:*:*:*:*:*
AND
cpe:/a:ibm:datapower_gateway:2018.4.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:datapower_gateway:10.0.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_protect_plus:10.1.7:*:*:*:*:*:*:*
OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:datapower_gateway:10.0.4.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:datapower_gateway:10.5.0.0:*:*:*:*:*:*:*

redis redis 7.0 rc2
redis redis 7.0 rc3
redis redis 7.0 rc1
redis redis *
fedoraproject fedora 34
fedoraproject fedora 35
fedoraproject fedora 36
netapp management services for element software -
netapp management services for netapp hci -
oracle communications operations monitor 4.3
oracle communications operations monitor 4.4
oracle communications operations monitor 5.0
redislabs redis 6.2.5
redislabs redis 6.0.15
redislabs redis 5.0.13
redislabs redis 6.2.6
redislabs redis 6.0.16
redislabs redis 5.0.14
ibm datapower gateway 2018.4.1.0
ibm spectrum protect plus 10.1.5
ibm event streams 10.0.0
ibm event streams 10.1.0
ibm datapower gateway 10.0.1.0
ibm spectrum protect plus 10.1.7
ibm event streams 10.2.0
ibm event streams 10.3.0
ibm event streams 10.3.1
ibm datapower gateway 10.0.4.0
ibm datapower gateway 10.5.0.0