Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-8A733E82034E177641882ADD4DF16056

HistoryFeb 03, 2024 - 12:00 a.m.

Etcd pkg Insecure ciphers are allowed by default

2024-02-0300:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

etcd

insecure ciphers

cryptography

tls

workarounds

security documentation

references

security audit

security committee.

7.1 High

AI Score

Confidence

High

Cryptography

The TLS ciphers list supported by etcd by default contains weak ciphers.

Provide a desired ciphers using the --cipher-suites flag as described with examples in the security documentation

Find out more on this vulnerability in the security audit report

If you have any questions or comments about this advisory:

CPENameOperatorVersion
go/go.etcd.io/etcd/client/pkg/v3lt3.3.23
go/go.etcd.io/etcd/client/pkg/v3ge3.4.0-rc.0
go/go.etcd.io/etcd/client/pkg/v3le3.4.9

Name	Operator	Version
go/go.etcd.io/etcd/client/pkg/v3	lt	3.3.23
go/go.etcd.io/etcd/client/pkg/v3	ge	3.4.0-rc.0
go/go.etcd.io/etcd/client/pkg/v3	le	3.4.9

References

github.com/advisories/GHSA-5x4g-q5rc-36jp

github.com/etcd-io/etcd/security/advisories/GHSA-5x4g-q5rc-36jp

7.1 High

AI Score

Confidence

High