Etcd Security Vulnerabilities


CVE-2022-34038

Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a...

CVSS 7.5, AI Score 7.2, EPSS 0.001

2023-08-22 07:16 PM

CVE-2020-15113

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using os.MkdirAll. This...

CVSS 7.1, AI Score 7, EPSS 0.0004

2020-08-05 08:15 PM

CVE-2020-15112

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime.....

CVSS 6.5, AI Score 6.7, EPSS 0.001

2020-08-05 08:15 PM

CVE-2020-15106

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can...

CVSS 6.5, AI Score 6.6, EPSS 0.001

2020-08-05 07:15 PM

CVE-2020-15114

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting....

CVSS 7.7, AI Score 7.3, EPSS 0.001

2020-08-06 11:15 PM

CVE-2018-16886

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a...

CVSS 8.1, AI Score 7.9, EPSS 0.018

2019-01-14 07:29 PM

CVE-2020-15136

In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

CVSS 6.5, AI Score 6.7, EPSS 0.003

2020-08-06 11:15 PM

CVE-2020-15115

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational...

CVSS 7.5, AI Score 7.4, EPSS 0.002

2020-08-06 10:15 PM

CVE-2023-32082

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is...

CVSS 4.3, AI Score 4.5, EPSS 0.001

2023-05-11 08:15 PM

CVE-2021-28235

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug...

CVSS 9.8, AI Score 9.3, EPSS 0.003

2023-04-04 03:15 PM