CVE-2023-24619
CVSS V2 None
CVSS V3 None
Description
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12.
Overview
- CVE ID
- CVE-2023-24619
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-13T19:15:11
- Last Modified Date
- 2023-02-23T19:46:12
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:* | 1 | OR | 22.1.0 | 22.1.12 |
| cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:* | 1 | OR | 22.2.0 | 22.2.10 |
| cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:* | 1 | OR | 22.3.0 | 22.3.12 |
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/redpanda-data/redpanda/pull/8339 | Exploit Patch Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-24619 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24619 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 07:38:43 | Added to TrackCVE | |||
| 2023-04-17 07:38:44 | Weakness Enumeration | new |