Github.Com Etcd-Io Etcd vulnerabilities
2 known vulnerabilities affecting github.com/etcd-io_etcd.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 1, LOW 1
Vulnerabilities
CVE-2020-15113 | MEDIUM | ≥ 3.4.0-rc.0, < 3.4.10; ≥ 0, < 3.3.23 | 2024-01-30
CVE-2020-15113 [MEDIUM] CWE-281 Improper Preservation of Permissions in etcd
### Vulnerability type
Access Controls
### Detail
etcd creates certain directory paths (the etcd data directory and the directory path provided for automatically generating self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using `os.MkdirAll`. This function does not perform any permission checks when a given directory pat
ghsa, osv
CVE-2023-32082 | LOW | ≥ 0, < 3.4.26; ≥ 3.5.0, < 3.5.9 | 2023-05-12
CVE-2023-32082 [LOW] CWE-200 etcd Key name can be accessed via LeaseTimeToLive API
### Impact
The LeaseTimeToLive API allows access to key names (not values) associated with a lease when the `Keys` parameter is true, even if the user doesn't have read permission on the keys. The impact is limited to clusters that enable auth (RBAC).
### Patches
< v3.4.26 and < v3.5.9 are affected.
### Workarounds
No.
### Reporter
Yoni Rozenshein
ghsa, osv