PT-2023-19711 · Redpanda · Redpanda

Published

2023-02-13

Updated

2025-03-21

CVE-2023-24619

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Redpanda versions prior to 22.3.12 Redpanda versions prior to 22.2.10 Redpanda versions prior to 22.1.12

Description The issue allows a local user to view AWS Access Key ID and Secret in cleartext, as the import functionality in the rpk binary logs these credentials to standard output. This can be viewed in the console or in Kubernetes logs if stdout output is collected.

Recommendations For versions prior to 22.3.12, update to version 22.3.12 or later. For versions prior to 22.2.10, update to version 22.2.10 or later. For versions prior to 22.1.12, update to version 22.1.12 or later.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2023-24619

Affected Products

Redpanda

PT-2023-19711 · Redpanda · Redpanda

CVE-2023-24619

Weakness Enumeration

Related Identifiers

Affected Products

References · 5