Vulnerability Description
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field. One consequence is a data type mismatch in the broker configuration that rpk cannot repair automatically; the operator must instead reconfigure the field by hand, with the cluster stopped, in order to have TLS on the broker RPC ports. Until that is done, the TLS protection intended for inter-broker RPC is not in effect. NOTE: the fix was also backported to the 22.2 and 22.3 branches.
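The page does not say which wrong type rpk wrote, only that the field's type did not match what the broker expects and that rpk could not fix it. A practitioner who has upgraded rpk still wants to confirm the block in redpanda.yaml has a usable shape before restarting brokers. The following is an added example, not rpk or Redpanda code: it checks the parsed configuration (the dict that yaml.safe_load would return) and assumes the documented layout of redpanda.rpc_server_tls as a single mapping with the keys enabled, cert_file, key_file, truststore_file and require_client_auth. The sample inputs are constructed; the mistyped sample uses a YAML sequence as one plausible wrong kind, which is an assumption rather than something this page states.

```python
from typing import Any

# Keys documented under redpanda.rpc_server_tls (assumed from Redpanda docs).
ALLOWED_KEYS = {"enabled", "cert_file", "key_file", "truststore_file", "require_client_auth"}


def check_rpc_server_tls(config: dict[str, Any]) -> list[str]:
    """Return human-readable problems with redpanda.rpc_server_tls; [] means it looks usable.

    `config` is the parsed redpanda.yaml, i.e. what yaml.safe_load would return.
    """
    redpanda = config.get("redpanda")
    if not isinstance(redpanda, dict):
        return ["'redpanda' section missing or not a mapping"]
    tls = redpanda.get("rpc_server_tls")
    if tls is None:
        return []  # no block at all: broker RPC simply runs without TLS
    if not isinstance(tls, dict):
        # The kind of data-type mismatch the CVE describes: a value of the wrong
        # YAML kind that the broker cannot read as a TLS block. Which wrong kind
        # rpk actually produced is not stated on this page; a sequence is used
        # here as the constructed example.
        return [f"rpc_server_tls must be a single mapping, got {type(tls).__name__}"]

    problems: list[str] = []
    unknown = sorted(set(tls) - ALLOWED_KEYS)
    if unknown:
        problems.append(f"unknown keys under rpc_server_tls: {', '.join(unknown)}")
    enabled = tls.get("enabled", False)
    if not isinstance(enabled, bool):
        problems.append(f"enabled must be a boolean, got {type(enabled).__name__}")
        enabled = bool(enabled)
    if enabled:
        # TLS that is "enabled" but has no certificate or key cannot come up.
        for key in ("cert_file", "key_file"):
            if not isinstance(tls.get(key), str) or not tls[key]:
                problems.append(f"{key} is required when rpc_server_tls.enabled is true")
        if tls.get("require_client_auth") and not tls.get("truststore_file"):
            problems.append("truststore_file is required when require_client_auth is true")
    return problems


# Constructed sample inputs standing in for parsed redpanda.yaml files.
GOOD_CONFIG = {
    "redpanda": {
        "rpc_server": {"address": "0.0.0.0", "port": 33145},
        "rpc_server_tls": {
            "enabled": True,
            "cert_file": "/etc/redpanda/certs/broker.crt",
            "key_file": "/etc/redpanda/certs/broker.key",
            "truststore_file": "/etc/redpanda/certs/ca.crt",
            "require_client_auth": True,
        },
    }
}

# Same block written as a one-element sequence: the wrong type for this field.
MISTYPED_CONFIG = {
    "redpanda": {
        "rpc_server_tls": [
            {
                "enabled": True,
                "cert_file": "/etc/redpanda/certs/broker.crt",
                "key_file": "/etc/redpanda/certs/broker.key",
            }
        ]
    }
}

# Correct type, but enabled without the key file TLS needs.
INCOMPLETE_CONFIG = {
    "redpanda": {
        "rpc_server_tls": {"enabled": True, "cert_file": "/etc/redpanda/certs/broker.crt"}
    }
}

if __name__ == "__main__":
    for name, cfg in [("good", GOOD_CONFIG), ("mistyped", MISTYPED_CONFIG), ("incomplete", INCOMPLETE_CONFIG)]:
        print(name, check_rpc_server_tls(cfg) or "ok")
```

Run it against a real file by loading redpanda.yaml with PyYAML and passing the result to check_rpc_server_tls; an empty list means the block is a mapping with the fields TLS needs, a non-empty list is what must be corrected by hand before the brokers are brought back up.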
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redpanda | Redpanda | < 23.1.2 |
Related Weaknesses (CWE)
References
- https://github.com/redpanda-data/redpanda/commit/58795aa07e88e0a63cebf4e1d9fcc71 (Patch)
- https://github.com/redpanda-data/redpanda/commit/a839056381ea7cd71e68495854e388d (Patch)
- https://github.com/redpanda-data/redpanda/commit/cf82b99457e2434d3674e424ab560fe (Patch)
- https://github.com/redpanda-data/redpanda/compare/v23.1.1...v23.1.2 (Release Notes)
- https://github.com/redpanda-data/redpanda/pull/7719 (Patch)
FAQ
What is CVE-2023-30450?
CVE-2023-30450 is a vulnerability with a CVSS score of 4.3 (MEDIUM). rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) a data type mismatch that rpk cannot fix automatically; the operator must instead reconfigure the field by hand, with the cluster stopped, to have TLS on the broker RPC ports.
How severe is CVE-2023-30450?
CVE-2023-30450 has been rated MEDIUM with a CVSS base score of 4.3/10. The practical impact is that TLS intended for the broker RPC ports is not in effect until the configuration is corrected by hand.
Is there a patch for CVE-2023-30450?
Yes. The fix shipped in Redpanda 23.1.2 (see the v23.1.1...v23.1.2 comparison, pull request 7719 and the commits in the references above) and was backported to the 22.2 and 22.3 branches. Affected product: Redpanda by Redpanda, versions before 23.1.2.