Vulnerability Name: | CVE-2022-24735 (CCN-225346) |
Assigned: | 2022-04-27 |
Published: | 2022-04-27 |
Updated: | 2022-10-07 |
Summary: | Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or a different, script at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. |
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: | Attack Vector (AV): Local, Attack Complexity (AC): Low, Privileges Required (PR): None, User Interaction (UI): Required |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): High, Integrity (I): High, Availability (A): High |
3.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
3.4 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: | Attack Vector (AV): Local, Attack Complexity (AC): Low, Privileges Required (PR): Low, User Interaction (UI): Required |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low, Integrity (I): Low, Availability (A): None |
3.9 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
3.4 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: | Attack Vector (AV): Local, Attack Complexity (AC): Low, Privileges Required (PR): Low, User Interaction (UI): Required |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low, Integrity (I): Low, Availability (A): None |
|
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics: | Access Vector (AV): Network, Access Complexity (AC): Medium, Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial, Integrity (I): Partial, Availability (A): Partial |
3.2 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics: | Access Vector (AV): Local, Access Complexity (AC): Low, Authentication (Au): Single_Instance |
Impact Metrics: | Confidentiality (C): Partial, Integrity (I): Partial, Availability (A): None |
|
Vulnerability Type: | CWE-94
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2022-24735
Source: XF Type: UNKNOWN redis-cve202224735-code-exec(225346)
Source: MISC Type: Exploit, Third Party Advisory https://github.com/redis/redis/pull/10651
Source: MISC Type: Release Notes, Third Party Advisory https://github.com/redis/redis/releases/tag/6.2.7
Source: MISC Type: Release Notes, Third Party Advisory https://github.com/redis/redis/releases/tag/7.0.0
Source: CCN Type: Redis GIT Repository Lua scripts can be manipulated to overcome ACL rules
Source: CONFIRM Type: Third Party Advisory https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-44373f6778
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-6ed1ce2838
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-a0a4c7eb31
Source: GENTOO Type: Third Party Advisory GLSA-202209-17
Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20220715-0003/
Source: CCN Type: IBM Security Bulletin 6608610 (DataPower Gateway) IBM DataPower Gateway affected by vulnerabilities in Redis
Source: CCN Type: IBM Security Bulletin 6825545 (Event Streams) Vulnerabilities in Redis affect IBM Event Streams (CVE-2022-24736, CVE-2022-24735)
Source: CCN Type: IBM Security Bulletin 6842235 (Spectrum Protect Plus) Vulnerabilities in Redis affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift (CVE-2022-24736, CVE-2022-24735)
Source: CCN Type: Mend Vulnerability Database CVE-2022-24735
Source: CCN Type: Oracle CPUJul2022 Oracle Critical Patch Update Advisory - July 2022
Source: N/A Type: Patch, Third Party Advisory N/A
|
Vulnerable Configuration: |
Configuration 1:
cpe:/a:redis:redis:7.0:rc2:*:*:*:*:*:* OR
cpe:/a:redis:redis:7.0:rc3:*:*:*:*:*:* OR
cpe:/a:redis:redis:7.0:rc1:*:*:*:*:*:* OR
cpe:/a:redis:redis:*:*:*:*:*:*:*:* (Version < 6.2.7)
Configuration 2:
cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:* OR
cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:* OR
cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Configuration 3:
cpe:/a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:* OR
cpe:/a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*
Configuration 4:
cpe:/a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* OR
cpe:/a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* OR
cpe:/a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
Configuration RedHat 1:
cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 2:
cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
Configuration RedHat 3:
cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
Configuration RedHat 4:
cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
Configuration CCN 1:
cpe:/a:redislabs:redis:6.2.5:*:*:*:*:*:*:* OR
cpe:/a:redislabs:redis:6.0.15:*:*:*:*:*:*:* OR
cpe:/a:redislabs:redis:5.0.13:*:*:*:*:*:*:* OR
cpe:/a:redislabs:redis:6.2.6:*:*:*:*:*:*:* OR
cpe:/a:redislabs:redis:6.0.16:*:*:*:*:*:*:* OR
cpe:/a:redislabs:redis:5.0.14:*:*:*:*:*:*:*
AND
cpe:/a:ibm:datapower_gateway:2018.4.1.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:datapower_gateway:10.0.1.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_protect_plus:10.1.7:*:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:datapower_gateway:10.0.4.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:datapower_gateway:10.5.0.0:*:*:*:*:*:*:*
redis redis 7.0 rc2
redis redis 7.0 rc3
redis redis 7.0 rc1
redis redis *
fedoraproject fedora 34
fedoraproject fedora 35
fedoraproject fedora 36
netapp management services for element software -
netapp management services for netapp hci -
oracle communications operations monitor 4.3
oracle communications operations monitor 4.4
oracle communications operations monitor 5.0
redislabs redis 6.2.5
redislabs redis 6.0.15
redislabs redis 5.0.13
redislabs redis 6.2.6
redislabs redis 6.0.16
redislabs redis 5.0.14
ibm datapower gateway 2018.4.1.0
ibm spectrum protect plus 10.1.5
ibm event streams 10.0.0
ibm event streams 10.1.0
ibm datapower gateway 10.0.1.0
ibm spectrum protect plus 10.1.7
ibm event streams 10.2.0
ibm event streams 10.3.0
ibm event streams 10.3.1
ibm datapower gateway 10.0.4.0
ibm datapower gateway 10.5.0.0