Back to bug 2182057
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-03-27 12:33:28 UTC | CC | apevec, bdettelb, cwelton, davidn, eglynn, epacific, hhorak, jcammara, jhardy, jjoyce, jneedle, jobarker, jorton, lhh, mabashia, mburns, mgarciac, nathans, osapryki, rcollet, redis-maint, rhos-maint, simaishi, smcdonal, spower, teagle, yguenane, zsadeh | |
| Sandipan Roy | 2023-03-28 04:28:28 UTC | CC | hhorak, jorton, rcollet, redis-maint | |
| Vipul Nair | 2023-03-31 11:47:23 UTC | Depends On | 2183502 | |
| Red Hat Bugzilla | 2023-07-07 08:35:35 UTC | Assignee | security-response-team | nobody |
| Avinash Hanwate | 2023-07-11 06:07:01 UTC | Doc Text | Redis redis-py could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with leaving a connection open after canceling an async Redis command at an inopportune time. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. | |
| CC | adudiak, kshier, stcannon, tfister | |||
| Avinash Hanwate | 2023-07-11 06:08:23 UTC | Doc Text | Redis redis-py could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with leaving a connection open after canceling an async Redis command at an inopportune time. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. | Redis redis-py could allow a remote, authenticated attacker to obtain sensitive information, caused by a flaw with leaving a connection open after canceling an async Redis command at an inopportune time. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. |
| Avinash Hanwate | 2023-07-11 06:08:43 UTC | Depends On | 2221861 | |
| RaTasha Tillery-Smith | 2023-07-11 13:37:01 UTC | Doc Text | Redis redis-py could allow a remote, authenticated attacker to obtain sensitive information, caused by a flaw with leaving a connection open after canceling an async Redis command at an inopportune time. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. | A flaw was found in Redis redis-py. This flaw allows a remote, authenticated attacker to obtain sensitive information caused by an issue with leaving a connection open after canceling an async Redis command at an inopportune time. By sending a specially crafted request, an attacker can obtain sensitive information and use this information to launch further attacks against the affected system. |
Back to bug 2182057