H3-2024-0018

Unauthenticated Access to Redis

Description

The host was identified to be running a Redis instance that does not require authentication to interact with it.

Impact

An attacker could access the Redis in-memory database and retrieve information about the Redis database. Depending on the configuration of the Redis server they may be also be able to write files to disk.

References

• CVE-2022-20821
• Technical Demonstration of How This Could Be Abused
• Vendor Patch Instructions