CPE-641C7AB5-0CE7-4A05-BD4F-25CD75EFCA94 Detail

CPE Details

etcd 3.2.0

Vendor

etcd

Product

etcd

Version

3.2.0

Created

2019-10-23
11h12 +00:00

Modified

2019-10-23
11h12 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:etcd:etcd:3.2.0:-::::::

Informations

Vendor

etcd

Product

etcd

Version

3.2.0

Update

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-32082	2023-05-11 19h22 +00:00	etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds.	4.3	Medium
CVE-2020-15112	2020-08-05 18h00 +00:00	In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.	6.5	Medium
CVE-2020-15113	2020-08-05 17h30 +00:00	In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700).	7.1	High
CVE-2020-15106	2020-08-05 17h05 +00:00	In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.	6.5	Medium
CVE-2018-16886	2019-01-14 18h00 +00:00	etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.	8.1	High

etcd 3.2.0

CPE Details

CPE Name: cpe:2.3:a:etcd:etcd:3.2.0:-:*:*:*:*:*:*

Informations

Vendor

Product

Version

Update

Related CVE

CPE Name: cpe:2.3:a:etcd:etcd:3.2.0:-::::::