CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32082 – etcd key name can be accessed via LeaseTimeToLive API
https://notcve.org/view.php?id=CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds. • https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.4.md https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md https://github.com/etcd-io/etcd/pull/15656 https://github.com/etcd-io/etcd/security/advisories/GHSA-3p4g-rcw5-8298 https://access.redhat.com/security/cve/CVE-2023-32082 https://bugzilla.redhat.com/show_bug.cgi?id=2208131 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15112 – Improper Input Validation in etcd
https://notcve.org/view.php?id=CVE-2020-15112
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. En etcd versiones anteriores a 3.3.23 y 3.4.10, es posible tener un índice de entrada mayor que el número de entradas en el método ReadAll en el archivo wal/wal.go. Esto podría causar problemas cuando las entradas de WAL se leen durante el consenso, ya que un participante arbitrario del consenso etcd, podría descender a partir de un pánico en tiempo de ejecución cuando lee la entrada A flaw was found in etcd, where it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This can cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant can go down from a runtime panic when reading the entry. • https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP https://access.redhat.com/security/cve/CVE-2020-15112 https://bugzilla.redhat.com/show_bug.cgi?id=1868872 • CWE-20: Improper Input Validation CWE-129: Improper Validation of Array Index CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15113 – Improper Preservation of Permissions in etcd
https://notcve.org/view.php?id=CVE-2020-15113
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). En etcd versiones anteriores a 3.3.23 y 3.4.10, determinadas rutas de directorio son creadas (directorio de datos de etcd y la ruta de directorio cuando se proporcionaba para generar automáticamente certificados autofirmados para conexiones TLS con clientes) con permisos de acceso restringido (700) usando os.MkdirAll. Esta función no realiza ninguna comprobación de permisos cuando una ruta de directorio dada ya existe. • https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP https://access.redhat.com/security/cve/CVE-2020-15113 https://bugzilla.redhat.com/show_bug.cgi?id=1868870 • CWE-281: Improper Preservation of Permissions CWE-285: Improper Authorization •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15106 – Improper Input Validation in etcd
https://notcve.org/view.php?id=CVE-2020-15106
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. En etcd versiones anteriores a 3.3.23 y 3.4.10, un segmento grande causa pánico en el método decodeRecord. El tamaño de un registro es almacenado en el campo de longitud de un archivo WAL y no se hace ninguna comprobación adicional en estos datos. • https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP https://access.redhat.com/security/cve/CVE-2020-15106 https://bugzilla.redhat.com/show_bug.cgi?id=1868883 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 1%CPEs: 6EXPL: 0CVE-2018-16886 – etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway
https://notcve.org/view.php?id=CVE-2018-16886
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. etcd, en sus versiones 3.2.x anteriores a la 3.2.26 y versiones 3.3.x anteriores a la 3.3.11, es vulnerable a una autorización incorrecta cuando se emplea un control de acceso basado en roles (RBAC) y client-cert-auth se encuentra habilitado. Si un certificado TLS del servidor etcd del cliente contiene un "Common Name" (CN) que coincide con un nombre de usuario RBAC válido, un atacante remoto podría autenticarse como dicho usuario con cualquier certificado (confiable) del cliente en una petición REST API en gRPC-gateway. Etcd, versions 3.2.0 through 3.2.25 and 3.3.0 through 3.3.10, are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server's TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. • http://www.securityfocus.com/bid/106540 https://access.redhat.com/errata/RHSA-2019:0237 https://access.redhat.com/errata/RHSA-2019:1352 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886 https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-287: Improper Authentication •