CVE-2023-50976
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/12/2023
Last modified:
20/05/2025
Description
Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:* | 23.1.21 (excluding) | |
| cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:* | 23.2.0 (including) | 23.2.18 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/redpanda-data/redpanda/compare/v23.1.20...v23.1.21
- https://github.com/redpanda-data/redpanda/compare/v23.2.17...v23.2.18
- https://github.com/redpanda-data/redpanda/issues/15048
- https://github.com/redpanda-data/redpanda/pull/14969
- https://github.com/redpanda-data/redpanda/pull/15060
- https://github.com/redpanda-data/redpanda/compare/v23.1.20...v23.1.21
- https://github.com/redpanda-data/redpanda/compare/v23.2.17...v23.2.18
- https://github.com/redpanda-data/redpanda/issues/15048
- https://github.com/redpanda-data/redpanda/pull/14969
- https://github.com/redpanda-data/redpanda/pull/15060