Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
etcd etcd vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the...
Etcd Etcd
9.8
CVSSv3
CVE-2021-28235
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote malicious users to escalate privileges via the debug function.
Etcd Etcd 3.4.10
7.5
CVSSv3
CVE-2022-34038
Etcd v3.5.4 allows remote malicious users to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.
Etcd Etcd 3.5.4
6.5
CVSSv3
CVE-2020-15112
In etcd prior to 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from...
Etcd Etcd
Fedoraproject Fedora 32
6.5
CVSSv3
CVE-2020-15106
In etcd prior to 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can uni...
Etcd Etcd
Fedoraproject Fedora 32
7.1
CVSSv3
CVE-2020-15113
In etcd prior to 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll...
Etcd Etcd
Fedoraproject Fedora 32
7.5
CVSSv3
CVE-2023-46307
An issue exists in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote sy...
Buddho Etcd Browser -
8.8
CVSSv3
CVE-2018-1098
A cross-site request forgery flaw was found in etcd 3.3.1 and previous versions. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or ...
Redhat Etcd
Fedoraproject Fedora 30
7.7
CVSSv3
CVE-2020-15114
In etcd prior to 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of...
Redhat Etcd
Fedoraproject Fedora 32
6.5
CVSSv3
CVE-2020-15136
In ectd prior to 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverE...
Redhat Etcd
Fedoraproject Fedora 32
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »