Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
etcd etcd vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the...
Etcd Etcd
9.8
CVSSv3
CVE-2021-28235
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote malicious users to escalate privileges via the debug function.
Etcd Etcd 3.4.10
7.5
CVSSv3
CVE-2022-34038
Etcd v3.5.4 allows remote malicious users to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.
Etcd Etcd 3.5.4
6.5
CVSSv3
CVE-2020-15106
In etcd prior to 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can uni...
Etcd Etcd
Fedoraproject Fedora 32
7.1
CVSSv3
CVE-2020-15113
In etcd prior to 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll...
Etcd Etcd
Fedoraproject Fedora 32
6.5
CVSSv3
CVE-2020-15112
In etcd prior to 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from...
Etcd Etcd
Fedoraproject Fedora 32
7.5
CVSSv3
CVE-2023-46307
An issue exists in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote sy...
Buddho Etcd Browser -
7.7
CVSSv3
CVE-2020-15114
In etcd prior to 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of...
Redhat Etcd
Fedoraproject Fedora 32
7.5
CVSSv3
CVE-2020-15115
etcd prior to 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an malicious user to guess or brute-force users' passwords with little computational effort.
Redhat Etcd
Fedoraproject Fedora 32
6.5
CVSSv3
CVE-2020-15136
In ectd prior to 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverE...
Redhat Etcd
Fedoraproject Fedora 32
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »