Skip to main content

Redpanda

3 CVEs product

Monthly

CVE-2023-50976 CRITICAL POC PATCH Act Now

Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Redpanda
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-30450 MEDIUM PATCH This Month

rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Redpanda
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-24619 MEDIUM POC This Month

Redpanda before 22.3.12 discloses cleartext AWS credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Redpanda
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Redpanda
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Redpanda
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Redpanda before 22.3.12 discloses cleartext AWS credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Redpanda
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy