redpanda-data/redpanda

redpanda-data/redpanda

Releases890

Frequency2 days 6 hours

Last Release 1 day ago

Stars12.2K

Redpanda is a streaming data platform for developers. Kafka API compatible. 10x faster. No ZooKeeper. No JVM!

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-50976 ↗	Dec 18, 2023Monday, 18 December 2023, 00:15	9.8 CRITICAL	—
Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.
CVE-2023-30450 ↗	Apr 8, 2023Saturday, 8 April 2023, 23:15	4.3 MEDIUM	—
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches.
CVE-2023-24619 ↗	Feb 13, 2023Monday, 13 February 2023, 19:15	5.5 MEDIUM	—
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12.