CVE-2023-50976

9.8 CRITICAL

📋 TL;DR

Redpanda versions before 23.1.21 and 23.2.x before 23.2.18 have missing authorization checks in the Transactions API, allowing unauthorized users to perform transaction operations. This affects all Redpanda deployments using vulnerable versions, potentially exposing transaction data and operations.

💻 Affected Systems

Products:
  • Redpanda
Versions: Redpanda < 23.1.21, Redpanda 23.2.x < 23.2.18
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using vulnerable versions with Transactions API enabled are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthorized actors could manipulate, delete, or corrupt transaction data across the entire Redpanda cluster, leading to data loss, integrity violations, and service disruption.

🟠 Likely Case

Unauthorized users accessing the Transactions API to read or modify transaction data, potentially exposing sensitive information or causing data inconsistencies.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to authorized internal users only.

🌐 Internet-Facing: HIGH - If the Transactions API is exposed to the internet, attackers can exploit this without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires access to the Transactions API endpoint but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.1.21 or 23.2.18

Vendor Advisory: https://github.com/redpanda-data/redpanda/security/advisories

Restart Required: Yes

Instructions:

1. Back up your Redpanda configuration and data.
2. Upgrade to Redpanda 23.1.21 or 23.2.18 using your package manager.
3. Restart Redpanda services.
4. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

Network Access Restriction (Linux, iptables)

Restrict network access to the Redpanda Transactions API endpoints. Replace trusted_network with the CIDR of the hosts that legitimately need access; the ACCEPT rule must be appended before the DROP rule, as shown, because iptables evaluates rules in order.

iptables -A INPUT -p tcp --dport 9644 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 9644 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Redpanda cluster from untrusted networks
  • Deploy a reverse proxy or API gateway with authentication/authorization in front of Redpanda Transactions API

🔍 How to Verify

Check if Vulnerable:

Check Redpanda version: rpk version or check service logs for version information

Check Version:

rpk version

Verify Fix Applied:

Verify that the version is at least 23.1.21 on the 23.1 line or at least 23.2.18 on the 23.2 line (later releases also carry the fix), then confirm that transaction operations attempted with an unauthorized user are rejected.
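As an added example (not part of this advisory and not Redpanda's own tooling), a POSIX shell check that classifies a version string, or the first X.Y.Z token found in `rpk version` output, against the two affected ranges; the sample `rpk version` output below is constructed, and the real format may differ.

```shell
#!/bin/sh
# Added example, not part of the advisory or of Redpanda's tooling.
# Classify a Redpanda version against the CVE-2023-50976 affected ranges:
#   vulnerable: < 23.1.21, or 23.2.x with x < 18
#   fixed:      23.1.21+, 23.2.18+, and every later minor/major release
# Accepts either a bare version ("23.2.17", "v23.2.17") or whole `rpk version`
# output; the first X.Y.Z token found in the input is used.
# Exit status: 0 = vulnerable, 1 = fixed, 2 = no version found in the input.
redpanda_vulnerable() {
  ver=$(printf '%s\n' "$1" \
    | sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p' \
    | head -n 1)
  [ -n "$ver" ] || return 2
  set -- $ver                       # word-split into major minor patch
  major=$1; minor=$2; patch=$3
  [ "$major" -lt 23 ] && return 0   # every pre-23 release predates the fix
  [ "$major" -gt 23 ] && return 1   # 24.x and later carry the fix
  case "$minor" in
    0) return 0 ;;                  # 23.0.x is below 23.1.21
    1) [ "$patch" -lt 21 ] && return 0 || return 1 ;;
    2) [ "$patch" -lt 18 ] && return 0 || return 1 ;;
    *) return 1 ;;                  # 23.3 and later
  esac
}

# Constructed sample of `rpk version` output (not captured from a real run;
# the real format may differ, which is why the parser only looks for X.Y.Z).
SAMPLE_RPK_OUTPUT='v23.2.17 (rev 0000000)'

redpanda_vulnerable "$SAMPLE_RPK_OUTPUT"
case $? in
  0) echo "vulnerable: upgrade to 23.1.21 or 23.2.18 (or later on the same line)" ;;
  1) echo "not in the affected range" ;;
  *) echo "could not parse a version from the input" ;;
esac
```

To check a live broker, pass the real command output instead of the sample: `redpanda_vulnerable "$(rpk version)"`.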

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to Transactions API endpoints
  • Transaction operations from unexpected IP addresses

Network Indicators:

  • Unusual traffic patterns to port 9644
  • Transaction API requests without authentication headers

SIEM Query:

source="redpanda" AND ("transaction" OR "9644") AND (status="401" OR status="403")

The parentheses around the status clause matter: without them, AND binds tighter than OR and the trailing status="403" term matches every 403 event regardless of source. Note also that on a vulnerable broker the missing authorization check means unauthorized transaction calls succeed rather than being rejected, so this query surfaces rejected attempts (for example against already patched nodes), not successful exploitation of unpatched ones.
