Lucene search
GoogleOSV:GHSA-5X4G-Q5RC-36JPHistoryFeb 03, 2024 - 12:02 a.m.
Etcd pkg Insecure ciphers are allowed by default
2024-02-0300:02:58
Google
osv.dev
2
cryptography
tls
weak ciphers
workarounds
security documentation
security audit
etcd security committee
7.1 High
AI Score
Confidence
High
Vulnerability type
Cryptography
Detail
The TLS ciphers list supported by etcd by default contains weak ciphers.
Workarounds
Provide a desired ciphers using the --cipher-suites flag as described with examples in the security documentation
References
Find out more on this vulnerability in the security audit report
For more information
If you have any questions or comments about this advisory:
- Contact the etcd security committee
| CPE | Name | Operator | Version |
|---|---|---|---|
| go.etcd.io/etcd/client/pkg/v3 | lt | 3.4.10 | |
| go.etcd.io/etcd/client/pkg/v3 | lt | 3.3.23 | |
| go.etcd.io/etcd/client/pkg/v3 | ge | 3.4.0-rc.0 |
7.1 High
AI Score
Confidence
High