Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
etcd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the...
Etcd Etcd
NA
CVE-2022-34038
Etcd v3.5.4 allows remote malicious users to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.
Etcd Etcd 3.5.4
NA
CVE-2021-28235
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote malicious users to escalate privileges via the debug function.
Etcd Etcd 3.4.10
4
CVSSv2
CVE-2020-15106
In etcd prior to 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can uni...
Etcd Etcd
Fedoraproject Fedora 32
3.6
CVSSv2
CVE-2020-15113
In etcd prior to 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll...
Etcd Etcd
Fedoraproject Fedora 32
4
CVSSv2
CVE-2020-15112
In etcd prior to 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from...
Etcd Etcd
Fedoraproject Fedora 32
NA
CVE-2023-46307
An issue exists in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote sy...
Buddho Etcd Browser -
5
CVSSv2
CVE-2020-15115
etcd prior to 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an malicious user to guess or brute-force users' passwords with little computational effort.
Redhat Etcd
Fedoraproject Fedora 32
6.8
CVSSv2
CVE-2018-1098
A cross-site request forgery flaw was found in etcd 3.3.1 and previous versions. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or ...
Redhat Etcd
Fedoraproject Fedora 30
2.1
CVSSv2
CVE-2018-1099
DNS rebinding vulnerability found in etcd 3.3.1 and previous versions. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
Redhat Etcd
Fedoraproject Fedora 30
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »