40 matches found
CVE-2023-50976
Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API...
CVE-2023-50976
Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API...
PT-2023-31716 · Redpanda · Redpanda
Name of the Vulnerable Software and Affected Versions: Redpanda versions prior to 23.1.21 Redpanda versions 23.2.x prior to 23.2.18 Description: The issue is related to missing authorization checks in the "Transactions API". This could potentially allow unauthorized access or actions...
CVE-2023-50976
CVE-2023-50976 affects Redpanda before 23.1.21 and 23.2.x before 23.2.18. The issue is missing authorization checks in the Transactions API, as stated by multiple sources (Redpanda/Redpanda PRs and security portals). Impact is implied as high due to authorization gaps, but the connected documents...
CVE-2023-50976
Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API...
CVE-2023-30450
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...
Code injection
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...
PT-2023-22697 · Redpanda · Redpanda
Name of the Vulnerable Software and Affected Versions: Redpanda versions prior to 23.1.2 Redpanda versions 22.2 and 22.3 before the backported fix Description: The issue arises from the mishandling of the redpanda.rpc server tls field by rpk in Redpanda, leading to situations where there is a dat...
CVE-2023-30450
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...
CVE-2023-30450
The CVE-2023-30450 issue affects Redpanda before 23.1.2, where the rpk tool mishandles the redpanda.rpc_server_tls field, causing a data type mismatch that cannot be auto-fixed by rpk. remediation requires user action: reconfigure TLS on broker RPC ports while the cluster is turned off. The vulne...
Redpanda 安全漏洞
Redpanda is a streaming data platform for developers. It is compatible with the Kafka API. A security vulnerability exists in Redpanda versions prior to 23.1.2 that stems from incorrectly handling the redpanda.rpcservertls field, resulting in a data type mismatch...
CVE-2023-30450
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...
CVE-2023-30450
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...
CVE-2023-24619
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versio...
Code injection
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versio...
CVE-2023-24619
CVE-2023-24619 affects Redpanda prior to 22.3.12. The rpk import feature logs AWS credentials (Access Key ID and Secret) in cleartext to stdout, exposing them locally or in Kubernetes logs. Fixed in 22.3.12, with related patched versions 22.2.10 and 22.1.12. The vulnerability’s impact is plaintex...
CVE-2023-24619
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versio...
CVE-2023-24619
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versio...
Redpanda 安全漏洞
Redpanda is a streaming data platform for developers. It is compatible with the Kafka API. A security vulnerability exists in Redpanda versions prior to 22.3.12 that stems from exposing plaintext AWS credentials, which can be exploited by a local attacker to view keys in the console or logs...
CVE-2023-24619
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versio...