Impact
Redis does not correctly identify keys accessed by SORT_RO and, as a result, may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration.
The problem exists in Redis 7.0 or newer.
Patches
The problem is fixed in Redis 7.0.13 and 7.2.1.
Credit
The problem was found by yangbodong22011.
For more information
If you have any questions or comments about this advisory:
Impact
Redis does not correctly identify keys accessed by
SORT_ROand, as a result, may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration.The problem exists in Redis 7.0 or newer.
Patches
The problem is fixed in Redis 7.0.13 and 7.2.1.
Credit
The problem was found by yangbodong22011.
For more information
If you have any questions or comments about this advisory: