Lucene search
+L

40 matches found

vulnrichment
vulnrichment
added 2023/12/17 12:0 a.m.6 views

CVE-2023-50976

Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API...

9.5AI score0.00987EPSS
Exploits1References5
cvelist
cvelist
added 2023/12/17 12:0 a.m.23 views

CVE-2023-50976

Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API...

9.7AI score0.00987EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2023/12/17 12:0 a.m.6 views

PT-2023-31716 · Redpanda · Redpanda

Name of the Vulnerable Software and Affected Versions: Redpanda versions prior to 23.1.21 Redpanda versions 23.2.x prior to 23.2.18 Description: The issue is related to missing authorization checks in the "Transactions API". This could potentially allow unauthorized access or actions...

9.8CVSS9.2AI score0.00987EPSS
Exploits1References9
cve
cve
added 2023/12/17 12:0 a.m.54 views

CVE-2023-50976

CVE-2023-50976 affects Redpanda before 23.1.21 and 23.2.x before 23.2.18. The issue is missing authorization checks in the Transactions API, as stated by multiple sources (Redpanda/Redpanda PRs and security portals). Impact is implied as high due to authorization gaps, but the connected documents...

9.8CVSS9.3AI score0.00987EPSS
Exploits1References5Affected Software1
osv
osv
added 2023/12/17 12:0 a.m.6 views

CVE-2023-50976

Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API...

9.8CVSS6.9AI score0.00987EPSS
Exploits1References7
nvd
nvd
added 2023/04/08 11:15 p.m.14 views

CVE-2023-30450

rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...

4.3CVSS4.6AI score0.00594EPSS
Exploits0References5
prion
prion
added 2023/04/08 11:15 p.m.15 views

Code injection

rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...

4CVSS4.7AI score0.00594EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2023/04/08 12:0 a.m.2 views

PT-2023-22697 · Redpanda · Redpanda

Name of the Vulnerable Software and Affected Versions: Redpanda versions prior to 23.1.2 Redpanda versions 22.2 and 22.3 before the backported fix Description: The issue arises from the mishandling of the redpanda.rpc server tls field by rpk in Redpanda, leading to situations where there is a dat...

4.3CVSS4.5AI score0.00594EPSS
Exploits0References9
vulnrichment
vulnrichment
added 2023/04/08 12:0 a.m.6 views

CVE-2023-30450

rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...

4.6AI score0.00594EPSS
Exploits0References5
cve
cve
added 2023/04/08 12:0 a.m.38 views

CVE-2023-30450

The CVE-2023-30450 issue affects Redpanda before 23.1.2, where the rpk tool mishandles the redpanda.rpc_server_tls field, causing a data type mismatch that cannot be auto-fixed by rpk. remediation requires user action: reconfigure TLS on broker RPC ports while the cluster is turned off. The vulne...

4.3CVSS4.6AI score0.00594EPSS
Exploits0References5Affected Software1
cnnvd
cnnvd
added 2023/04/08 12:0 a.m.3 views

Redpanda 安全漏洞

Redpanda is a streaming data platform for developers. It is compatible with the Kafka API. A security vulnerability exists in Redpanda versions prior to 23.1.2 that stems from incorrectly handling the redpanda.rpcservertls field, resulting in a data type mismatch...

4.3CVSS5.1AI score0.00594EPSS
Exploits0References6
cvelist
cvelist
added 2023/04/08 12:0 a.m.13 views

CVE-2023-30450

rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...

4.9AI score0.00594EPSS
Exploits0References5
osv
osv
added 2023/04/08 12:0 a.m.8 views

CVE-2023-30450

rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...

4.3CVSS7AI score0.00594EPSS
Exploits0References7
nvd
nvd
added 2023/02/13 7:15 p.m.18 views

CVE-2023-24619

Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versio...

5.5CVSS5.4AI score0.00266EPSS
Exploits1References1
prion
prion
added 2023/02/13 7:15 p.m.14 views

Code injection

Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versio...

1.7CVSS5.3AI score0.00266EPSS
Exploits1References1Affected Software1
cve
cve
added 2023/02/13 12:0 a.m.142 views

CVE-2023-24619

CVE-2023-24619 affects Redpanda prior to 22.3.12. The rpk import feature logs AWS credentials (Access Key ID and Secret) in cleartext to stdout, exposing them locally or in Kubernetes logs. Fixed in 22.3.12, with related patched versions 22.2.10 and 22.1.12. The vulnerability’s impact is plaintex...

5.5CVSS5.3AI score0.00266EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2023/02/13 12:0 a.m.5 views

CVE-2023-24619

Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versio...

5.4AI score0.00266EPSS
Exploits1References1
cvelist
cvelist
added 2023/02/13 12:0 a.m.20 views

CVE-2023-24619

Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versio...

5.6AI score0.00266EPSS
Exploits1References1
cnnvd
cnnvd
added 2023/02/13 12:0 a.m.6 views

Redpanda 安全漏洞

Redpanda is a streaming data platform for developers. It is compatible with the Kafka API. A security vulnerability exists in Redpanda versions prior to 22.3.12 that stems from exposing plaintext AWS credentials, which can be exploited by a local attacker to view keys in the console or logs...

5.5CVSS5.7AI score0.00266EPSS
Exploits1References2
osv
osv
added 2023/02/13 12:0 a.m.15 views

CVE-2023-24619

Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versio...

5.5CVSS6.6AI score0.00266EPSS
Exploits1References3
Rows per page
Query Builder