3 matches found
CVE-2023-24619
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versio...
CVE-2023-24619
creationtimestamp| type| source ---|---|--- 2023-02-13 22:29:56+00:00| seen| https://t.me/cibsecurity/58020 2025-03-21 18:19:49+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8390...
CVE-2023-24619
CVE-2023-24619 affects Redpanda prior to 22.3.12. The rpk import feature logs AWS credentials (Access Key ID and Secret) in cleartext to stdout, exposing them locally or in Kubernetes logs. Fixed in 22.3.12, with related patched versions 22.2.10 and 22.1.12. The vulnerability’s impact is plaintex...