Vulnerability Details : CVE-2023-30450
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches.
Products affected by CVE-2023-30450
- cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-30450
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~36% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2023-30450
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-12
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST | 
CWE ids for CVE-2023-30450
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2023-30450
- https://github.com/redpanda-data/redpanda/commit/a839056381ea7cd71e68495854e388daf7a08ba7 (Patch): rpk: do not modify redpanda.rpc_server_tls field, redpanda-data/redpanda@a839056, GitHub
- https://github.com/redpanda-data/redpanda/compare/v23.1.1...v23.1.2 (Release Notes): Comparing v23.1.1...v23.1.2, redpanda-data/redpanda, GitHub
- https://github.com/redpanda-data/redpanda/pull/7719 (Patch): rpk: do not modify redpanda.rpc_server_tls field by r-vasquez, Pull Request #7719, redpanda-data/redpanda, GitHub
- https://github.com/redpanda-data/redpanda/commit/cf82b99457e2434d3674e424ab560fe201e6c365 (Patch): rpk: do not modify redpanda.rpc_server_tls field, redpanda-data/redpanda@cf82b99, GitHub
- https://github.com/redpanda-data/redpanda/commit/58795aa07e88e0a63cebf4e1d9fcc717ceef0557 (Patch): rpk: do not modify redpanda.rpc_server_tls field, redpanda-data/redpanda@58795aa, GitHub