PT-2023-22697 · Redpanda · Redpanda

Published: 2023-04-08 · Updated: 2023-04-17 · CVE-2023-30450

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Redpanda versions prior to 23.1.2
Redpanda versions 22.2 and 22.3 (before the backported fix)

Description

The issue arises from rpk's mishandling of the redpanda.rpc_server_tls field in Redpanda, which leads to a data type mismatch in the configuration. rpk cannot repair this mismatch automatically; instead, an operator must reconfigure the field (with the cluster shut down) to enable TLS on the brokers' RPC ports.

Recommendations

For Redpanda versions prior to 23.1.2, update to version 23.1.2 or later to resolve the issue. For Redpanda versions 22.2 and 22.3, apply the backported fix. As a temporary workaround, reconfigure the redpanda.rpc_server_tls field while the cluster is shut down to minimize the risk of exploitation.
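The advisory does not say which two types collided in redpanda.rpc_server_tls, only that the mismatch had to be repaired by hand with the cluster down. An operator who wants to catch such a mismatch before restarting brokers can run a type check over the decoded redpanda.yaml. The Go program below is an added example written for this page; it is not rpk's code and not Redpanda's own validator. It assumes the field is a mapping with boolean keys enabled and require_client_auth and string keys cert_file, key_file and truststore_file (the schema as the editor understands it), treats any non-mapping value as the mismatch, and works on a map[string]any tree such as a YAML decoder would produce; the sample configs and file paths are constructed.

```go
package main

import "fmt"

// Finding is one type or completeness problem found in the decoded config.
type Finding struct {
	Path string // dotted YAML path of the offending field
	Msg  string
}

// CheckRPCServerTLS validates redpanda.rpc_server_tls in an already-decoded
// redpanda.yaml tree (map[string]any, the shape a YAML decoder produces).
// Assumed schema (not stated in the advisory): a mapping with bool keys
// enabled/require_client_auth and string keys cert_file/key_file/truststore_file.
// Any non-mapping value is reported as the type mismatch.
func CheckRPCServerTLS(cfg map[string]any) []Finding {
	var out []Finding
	rp, ok := cfg["redpanda"].(map[string]any)
	if !ok {
		return append(out, Finding{"redpanda", "missing or not a mapping"})
	}
	raw, present := rp["rpc_server_tls"]
	if !present {
		return out // field absent: RPC TLS simply not configured
	}
	tls, ok := raw.(map[string]any)
	if !ok {
		// This is the class of mismatch the tool could not repair on its own.
		return append(out, Finding{"redpanda.rpc_server_tls",
			fmt.Sprintf("expected a mapping, found %T", raw)})
	}
	for _, k := range []string{"enabled", "require_client_auth"} {
		if v, has := tls[k]; has {
			if _, isBool := v.(bool); !isBool {
				out = append(out, Finding{"redpanda.rpc_server_tls." + k,
					fmt.Sprintf("expected bool, found %T", v)})
			}
		}
	}
	for _, k := range []string{"cert_file", "key_file", "truststore_file"} {
		if v, has := tls[k]; has {
			if _, isStr := v.(string); !isStr {
				out = append(out, Finding{"redpanda.rpc_server_tls." + k,
					fmt.Sprintf("expected string, found %T", v)})
			}
		}
	}
	// When TLS is switched on, the listener needs a certificate and a key.
	if enabled, _ := tls["enabled"].(bool); enabled {
		for _, k := range []string{"cert_file", "key_file"} {
			if _, has := tls[k]; !has {
				out = append(out, Finding{"redpanda.rpc_server_tls." + k,
					"required when enabled is true"})
			}
		}
	}
	return out
}

// GoodConfig is a constructed, well-typed sample (paths are placeholders).
func GoodConfig() map[string]any {
	return map[string]any{"redpanda": map[string]any{
		"rpc_server_tls": map[string]any{
			"enabled":             true,
			"cert_file":           "/etc/redpanda/certs/broker.crt",
			"key_file":            "/etc/redpanda/certs/broker.key",
			"truststore_file":     "/etc/redpanda/certs/ca.crt",
			"require_client_auth": true,
		},
	}}
}

// MismatchedConfig is a constructed sample where the field was written as a
// YAML sequence instead of a mapping: a type clash of the kind the advisory describes.
func MismatchedConfig() map[string]any {
	return map[string]any{"redpanda": map[string]any{
		"rpc_server_tls": []any{map[string]any{"enabled": true}},
	}}
}

// BadSubfieldConfig is a constructed sample with a wrongly typed key_file.
func BadSubfieldConfig() map[string]any {
	return map[string]any{"redpanda": map[string]any{
		"rpc_server_tls": map[string]any{
			"enabled": true, "cert_file": "/tmp/c.pem", "key_file": 42,
		},
	}}
}

func main() {
	samples := map[string]map[string]any{
		"good": GoodConfig(), "mismatched": MismatchedConfig(), "bad-subfield": BadSubfieldConfig(),
	}
	for name, cfg := range samples {
		findings := CheckRPCServerTLS(cfg)
		fmt.Printf("%s: %d finding(s)\n", name, len(findings))
		for _, f := range findings {
			fmt.Printf("  %s: %s\n", f.Path, f.Msg)
		}
	}
}
```

Run it against a real deployment by decoding redpanda.yaml with a YAML library into map[string]any and passing the result to CheckRPCServerTLS before bringing brokers back up; a non-empty result is the signal to fix the field by hand rather than expecting rpk to do it.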

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2023-30450

Affected Products

Redpanda