etcd 3.4.10

CPE Details

etcd 3.4.10
etcd
etcd
3.4.10
2020-08-06
16h22 +00:00
2020-08-06
16h22 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:etcd:etcd:3.4.10:*:*:*:*:*:*:*

Informations

Vendor

etcd

Product

etcd

Version

3.4.10

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-32082 2023-05-11 19h22 +00:00 etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds.
4.3
Medium
CVE-2021-28235 2023-04-04 00h00 +00:00 Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.