CVE-2024-12797 could allow an attacker to carry out an adversary-in-the-middle (AitM) attack and intercept what are supposed to be secured TLS communications between a client and the server.
This issue was introduced in the initial implementation of raw public key (RPK) support in OpenSSL 3.2, while gateway 11.1 is on OpenSSL 3.0.x:
-- The last January 11.1 MPP: openssl_3.0.15-1~deb12u1_amd64.deb
-- Earlier versions of the gateway have lower versions of OpenSSL.
So the gateway is not affected.
Note that RHEL 9 is affected as per https://access.redhat.com/security/cve/CVE-2024-12797
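
One way to apply the 3.2 boundary described above when triaging hosts, as an added example (not the vendor's or the OpenSSL project's tooling). The function names and the `openssl version` sample lines are constructed for illustration; a result of `rpk-capable` only means the build is at or past the release that introduced RPK support, so the distributor's advisory still decides whether it is fixed.

```shell
#!/bin/sh
# Added example: classify an OpenSSL build against the 3.2 boundary
# (the release that introduced RPK support, per the text above).

# Extract the upstream X.Y[.Z] version from `openssl version` output or from
# a Debian package file name. Anything else (e.g. LibreSSL) yields nothing,
# because its version numbers are not comparable to OpenSSL's.
upstream_version() {
    printf '%s\n' "$1" |
        sed -n -E 's/^(OpenSSL[[:space:]]+|openssl_)([0-9]+:)?([0-9]+\.[0-9]+(\.[0-9]+)?).*/\3/p'
}

# Print one of:
#   predates-rpk  upstream version is older than 3.2
#   rpk-capable   3.2 or later: check the distributor's advisory for the fix
#   unknown       input could not be parsed as an OpenSSL version
classify_openssl() {
    ver=$(upstream_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}          # text before the first dot
    rest=${ver#*.}            # text after the first dot
    minor=${rest%%.*}         # second component, compared numerically
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 2 ]; }; then
        echo rpk-capable
    else
        echo predates-rpk
    fi
}

# First line is the package named on this page; the rest are constructed samples.
while IFS= read -r sample; do
    printf '%-13s %s\n' "$(classify_openssl "$sample")" "$sample"
done <<'EOF'
openssl_3.0.15-1~deb12u1_amd64.deb
OpenSSL 3.2.2 4 Jun 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)
OpenSSL 1.1.1w  11 Sep 2023
LibreSSL 3.3.6
EOF
```

On a live host, pass the real output instead: `classify_openssl "$(openssl version)"`.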