Published: 10 August 2016
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
From the Ubuntu security team
It was discovered that Redis incorrectly handled permissions. An attacker could possibly use this issue to obtain sensitive information.
CVSS 3 base score: 3.3