rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/30xxx/CVE-2023-30450.json",
"cna_assigner": "mitre"
}{
"cpe": "cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "23.1.2"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}