CVE-2023-30450

EPSS 0.09%
Veröffentlicht 08.04.2023 23:15:06
Zuletzt bearbeitet 12.02.2025 17:15:20
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redpanda ≫ Redpanda Version < 23.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.257

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/redpanda-data/redpanda/commit/58795aa07e88e0a63cebf4e1d9fcc717ceef0557

Patch

https://github.com/redpanda-data/redpanda/commit/a839056381ea7cd71e68495854e388daf7a08ba7

Patch

https://github.com/redpanda-data/redpanda/commit/cf82b99457e2434d3674e424ab560fe201e6c365

Patch

https://github.com/redpanda-data/redpanda/compare/v23.1.1...v23.1.2

Release Notes

https://github.com/redpanda-data/redpanda/pull/7719

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-30450

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-30450

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-30450

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-30450