CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15112 – Improper Input Validation in etcd
https://notcve.org/view.php?id=CVE-2020-15112
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. En etcd versiones anteriores a 3.3.23 y 3.4.10, es posible tener un índice de entrada mayor que el número de entradas en el método ReadAll en el archivo wal/wal.go. Esto podría causar problemas cuando las entradas de WAL se leen durante el consenso, ya que un participante arbitrario del consenso etcd, podría descender a partir de un pánico en tiempo de ejecución cuando lee la entrada A flaw was found in etcd, where it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This can cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant can go down from a runtime panic when reading the entry. • https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP https://access.redhat.com/security/cve/CVE-2020-15112 https://bugzilla.redhat.com/show_bug.cgi?id=1868872 • CWE-20: Improper Input Validation CWE-129: Improper Validation of Array Index CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15113 – Improper Preservation of Permissions in etcd
https://notcve.org/view.php?id=CVE-2020-15113
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). En etcd versiones anteriores a 3.3.23 y 3.4.10, determinadas rutas de directorio son creadas (directorio de datos de etcd y la ruta de directorio cuando se proporcionaba para generar automáticamente certificados autofirmados para conexiones TLS con clientes) con permisos de acceso restringido (700) usando os.MkdirAll. Esta función no realiza ninguna comprobación de permisos cuando una ruta de directorio dada ya existe. • https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP https://access.redhat.com/security/cve/CVE-2020-15113 https://bugzilla.redhat.com/show_bug.cgi?id=1868870 • CWE-281: Improper Preservation of Permissions CWE-285: Improper Authorization •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15106 – Improper Input Validation in etcd
https://notcve.org/view.php?id=CVE-2020-15106
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. En etcd versiones anteriores a 3.3.23 y 3.4.10, un segmento grande causa pánico en el método decodeRecord. El tamaño de un registro es almacenado en el campo de longitud de un archivo WAL y no se hace ninguna comprobación adicional en estos datos. • https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP https://access.redhat.com/security/cve/CVE-2020-15106 https://bugzilla.redhat.com/show_bug.cgi?id=1868883 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 1%CPEs: 6EXPL: 0CVE-2018-16886 – etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway
https://notcve.org/view.php?id=CVE-2018-16886
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. etcd, en sus versiones 3.2.x anteriores a la 3.2.26 y versiones 3.3.x anteriores a la 3.3.11, es vulnerable a una autorización incorrecta cuando se emplea un control de acceso basado en roles (RBAC) y client-cert-auth se encuentra habilitado. Si un certificado TLS del servidor etcd del cliente contiene un "Common Name" (CN) que coincide con un nombre de usuario RBAC válido, un atacante remoto podría autenticarse como dicho usuario con cualquier certificado (confiable) del cliente en una petición REST API en gRPC-gateway. Etcd, versions 3.2.0 through 3.2.25 and 3.3.0 through 3.3.10, are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server's TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. • http://www.securityfocus.com/bid/106540 https://access.redhat.com/errata/RHSA-2019:0237 https://access.redhat.com/errata/RHSA-2019:1352 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886 https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-1099
https://notcve.org/view.php?id=CVE-2018-1099
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address). Se ha encontrado una vulnerabilidad de revinculación de DNS en etcd, en versiones 3.3.1 y anteriores. Un atacante puede controlar sus registros de DNS para dirigirse a locahost y engañar al navegador para que envíe peticiones a localhost (o a cualquier otra dirección). • https://bugzilla.redhat.com/show_bug.cgi?id=1552717 https://github.com/coreos/etcd/issues/9353 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS • CWE-20: Improper Input Validation •