exploitDog

CVE-2023-50976

Опубликовано: 18 дек. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.

Ссылки

https://github.com/redpanda-data/redpanda/compare/v23.1.20...v23.1.21
Release Notes
https://github.com/redpanda-data/redpanda/compare/v23.2.17...v23.2.18
Release Notes
https://github.com/redpanda-data/redpanda/issues/15048
Exploit
Issue Tracking
https://github.com/redpanda-data/redpanda/pull/14969
Issue Tracking
Patch
https://github.com/redpanda-data/redpanda/pull/15060
Issue Tracking
Patch
https://github.com/redpanda-data/redpanda/compare/v23.1.20...v23.1.21
Release Notes
https://github.com/redpanda-data/redpanda/compare/v23.2.17...v23.2.18
Release Notes
https://github.com/redpanda-data/redpanda/issues/15048
Exploit
Issue Tracking
https://github.com/redpanda-data/redpanda/pull/14969
Issue Tracking
Patch
https://github.com/redpanda-data/redpanda/pull/15060
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:*

Версия до 23.1.21 (исключая)

cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:*

Версия от 23.2.0 (включая) до 23.2.18 (исключая)

EPSS

Процентиль: 31%

0.00121

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-862

CWE-862

Связанные уязвимости

GHSA-v5cv-j9qw-9f6c

CVSS3: 9.8

github

около 2 лет назад

Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.

EPSS

Процентиль: 31%

0.00121

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-862

CWE-862