794 matches found
CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
CVE-2026-44283
CVE-2026-44283 affects etcd, a distributed key-value store. The issue: in nested transaction operations, read access via PrevKv or lease attachment in Put requests can bypass RBAC authorization checks. This could allow an authenticated user with limited read or lease permissions to access data th...
CVE-2026-44283
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
CVE-2026-44283
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
EUVD-2026-30345
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
CVE-2026-44283
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
etcd 安全漏洞
Etcd is an open-source key-value storage system for distributed systems, written in the Go language. There are security vulnerabilities in versions of etcd prior to 3.4.44, 3.5.30, and 3.6.11. These vulnerabilities stem from transactions that bypass RBAC authorization checks through PrevKv or Put...
Linux Distros Unpatched Vulnerability : CVE-2026-44283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via...
Photon OS 4.0: Etcd PHSA-2026-4.0-1012
An update of the etcd package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1012. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Unity Linux 20.1050e / 20.1070e Security Update: etcd (UTSA-2026-016819)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016819 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. Tenable has extracted the preceding...
Unity Linux 20.1050e / 20.1070e Security Update: etcd (UTSA-2026-017350)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017350 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With...
CVE-2026-42880
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext...
GHSA-X35M-3GP4-4FH5 etcd RBAC bypass allows unauthorized data access via PrevKv/lease attachment in nested transaction Put requests
Impact What kind of vulnerability is it? Who is impacted? A vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user without sufficient read or lease-related permissions may b...
etcd RBAC bypass allows unauthorized data access via PrevKv/lease attachment in nested transaction Put requests
Impact What kind of vulnerability is it? Who is impacted? A vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user without sufficient read or lease-related permissions may b...
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
Summary There is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. Details Argo CD masks Secret...
PT-2026-38402
Name of the Vulnerable Software and Affected Versions etcd versions prior to 3.4.44 etcd versions prior to 3.5.30 etcd versions prior to 3.6.11 Description etcd is a distributed key-value store for distributed system data. A flaw allows authenticated users without sufficient read or lease-related...
Argo CD 信息泄露漏洞
Argo CD is an open-source tool developed by Argo for Kubernetes, designed for declarative GitOps continuous delivery. Versions of Argo CD prior to 3.2.11 and 3.3.0–3.3.9 contained a vulnerability related to information leakage. This vulnerability stemmed from a lack of authorization and data...
Important Photon OS Security Update - PHSA-2026-4.0-1012
Updates of 'etcd', 'vim' packages of Photon OS have been released...
RHCOS 3 : kubernetes (RHSA-2015:1945)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1945 advisory. - Kubernetes: Missing name validation allows path traversal in etcd CVE-2015-5305 Note that Nessus has not tested for this issue but has...
Astra Linux - уязвимость в etcd
A DNS rebinding vulnerability has been discovered in etcd 3.3.1 and earlier versions. An attacker can manipulate their DNS records to direct requests to localhost, thereby tricking the browser into sending requests to localhost or any other address...