794 matches found
CVE-2020-15115
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...
Denial Of Service (DoS)
github.com/etcd-io/etcd is vulnerable to denial of service. An attacker is able to cause a panic in the decodeRecord method and a denial of service condition in a RAFT participant when decoding the WAL by forging a large frame size...
Insecure Permission Checks
github.com/etcd-io/etcd does not properly perform permission checks. The function os.MkdirAll that creates the directory containing automatically generated self-signed certificates for TLS connections with clients is insecure and does not perform any permission checks, potentially overwriting...
etcd Input Validation Error Vulnerability
etcd is a key-value storage system for distributed systems written in the Go language. An input validation error vulnerability exists in etcd versions prior to 3.3.23 and prior to 3.4.10. The vulnerability stems from a network system or product that does not properly validate input data. A remote...
etcd Access Restriction Bypass Vulnerability
etcd is a key-value storage system for distributed systems written in the Go language. A security vulnerability exists in etcd versions prior to 3.3.23 and 3.4.10, which stems from the program failing to perform any privilege checks. An attacker could exploit this vulnerability to bypass access...
CVE-2020-15113
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This functio...
DEBIAN-CVE-2020-15113
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This functio...
AZL-6390 CVE-2020-15113 affecting package etcd for versions less than 3.5.0-3
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This functio...
CVE-2020-15113
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This functio...
CVE-2020-15112
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime...
AZL-6389 CVE-2020-15112 affecting package etcd for versions less than 3.5.0-3
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime...
DEBIAN-CVE-2020-15112
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime...
CVE-2020-15112
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime...
CVE-2020-15113
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This functio...
CVE-2020-15112
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime...
Code injection
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime...
Design/Logic Flaw
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This functio...
CVE-2020-15112
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime...
CVE-2020-15113
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This functio...
UBUNTU-CVE-2020-15113
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This functio...