Filtered by vendor Etcd
Subscribe
Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-32082 | 1 Etcd | 1 Etcd | 2024-11-21 | N/A | 3.1 LOW |
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds. | |||||
CVE-2022-34038 | 1 Etcd | 1 Etcd | 2024-11-21 | N/A | 7.5 HIGH |
Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability. | |||||
CVE-2021-28235 | 1 Etcd | 1 Etcd | 2024-11-21 | N/A | 9.8 CRITICAL |
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. | |||||
CVE-2020-15113 | 2 Etcd, Fedoraproject | 2 Etcd, Fedora | 2024-11-21 | 3.6 LOW | 5.7 MEDIUM |
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). | |||||
CVE-2020-15112 | 2 Etcd, Fedoraproject | 2 Etcd, Fedora | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. | |||||
CVE-2020-15106 | 2 Etcd, Fedoraproject | 2 Etcd, Fedora | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. | |||||
CVE-2018-16886 | 3 Etcd, Fedoraproject, Redhat | 5 Etcd, Fedora, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. |