CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.

Permalink

Cannot retrieve contributors at this time

{

"id": 457,

"title": "Improper Authorization",

"overview": "Aedes does not respect its own authorization rules when a client sets a Last Will",

"created\_at": "2018-08-07",

"updated\_at": "2018-08-07",

"publish\_date": "2018-08-07",

"author": {

"name": "Matteo Collina",

"website": null,

"username": "mcollina"

},

"module\_name": "aedes",

"cves": \[

"CVE-2018-3778"

\],

"vulnerable\_versions": "<=0.35.0",

"patched\_versions": "\>=0.35.1",

"recommendation": "Update aedes module to version >= 0.35.1",

"references": \[

"https://github.com/mcollina/aedes/issues/211",

"https://github.com/mcollina/aedes/issues/212"

\],

"cvss\_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",

"cvss\_score": 5.0,

"coordinating\_vendor": null

}

Headline

CVE-2018-3778: security-wg/457.json at main · nodejs/security-wg

CVE: Latest News