- Description
- Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-522
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A490345-C476-45B6-B5F8-9C655D972701",
            "versionEndExcluding": "22.1.12",
            "versionStartIncluding": "22.1.0"
          },
          {
            "criteria": "cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E28A2FDE-6433-4226-8C51-D691F15B4421",
            "versionEndExcluding": "22.2.10",
            "versionStartIncluding": "22.2.0"
          },
          {
            "criteria": "cpe:2.3:a:redpanda:redpanda:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "590B94B7-4DA5-48BE-A406-77A44C5106DD",
            "versionEndExcluding": "22.3.12",
            "versionStartIncluding": "22.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]