Vulnerability: TLS Misconfiguration in Redpanda RPC Server

CVE-2023-30450 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field. This can lead, for example, to a data type mismatch that rpk cannot fix automatically; the user must instead reconfigure (while the cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches.
