CVE-2023-50976

CRITICAL

redpanda < 23.1.21 and 23.2.x < 23.2.18 - Missing Authorization in Transactions API

Title source: llm

Description

Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.

Scores

CVSS v3 9.8
EPSS 0.0099
EPSS Percentile 58.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-862
Status published
Products (1)
redpanda/redpanda < 23.1.21
Published Dec 18, 2023
Tracked Since Feb 18, 2026