Vulnerability_id VCID-7ebn-2p3p-bfg9
Summary
Improper Preservation of Permissions in etcd
### Vulnerability type
Access Controls

### Detail
etcd creates certain directory paths (the etcd data directory, and the directory path provided for automatically generating self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using os.MkdirAll. This function does not perform any permission checks when the given directory path already exists, so an existing directory keeps whatever permissions it already has.
### Specific Go Package Affected
github.com/etcd-io/etcd/pkg/fileutil
### Workarounds
Make sure these directories have the desired permissions (700).

### References
Find out more about this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf).

### For more information
If you have any questions or comments about this advisory:
* Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)
Aliases
0
alias CVE-2020-15113
1
alias GHSA-chh6-ppwq-jh92
Fixed_packages
0
url pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie
purl pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie
1
url pkg:deb/debian/etcd@3.3.25%2Bdfsg-6
purl pkg:deb/debian/etcd@3.3.25%2Bdfsg-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7565-6bvk-mqgx
1
vulnerability VCID-my73-sc8s-3faj
2
vulnerability VCID-pb9m-ts3k-uban
3
vulnerability VCID-ud4m-y2s3-nban
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6
2
url pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie
purl pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7565-6bvk-mqgx
1
vulnerability VCID-my73-sc8s-3faj
2
vulnerability VCID-pb9m-ts3k-uban
3
vulnerability VCID-ud4m-y2s3-nban
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie
3
url pkg:deb/debian/etcd@3.4.23-4?distro=trixie
purl pkg:deb/debian/etcd@3.4.23-4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-my73-sc8s-3faj
1
vulnerability VCID-pb9m-ts3k-uban
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie
4
url pkg:deb/debian/etcd@3.5.16-4?distro=trixie
purl pkg:deb/debian/etcd@3.5.16-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie
5
url pkg:deb/debian/etcd@3.5.16-10?distro=trixie
purl pkg:deb/debian/etcd@3.5.16-10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/etcd@3.2.26%2Bdfsg-3
purl pkg:deb/debian/etcd@3.2.26%2Bdfsg-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ma-yxfn-xbeu
1
vulnerability VCID-3533-gs1j-8yby
2
vulnerability VCID-7ebn-2p3p-bfg9
3
vulnerability VCID-e63c-7p3h-f3gj
4
vulnerability VCID-uyag-gzdr-kbf9
5
vulnerability VCID-vj2t-6kre-53h6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.2.26%252Bdfsg-3
1
url pkg:rpm/redhat/etcd@3.3.23-1?arch=el8ost
purl pkg:rpm/redhat/etcd@3.3.23-1?arch=el8ost
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ma-yxfn-xbeu
1
vulnerability VCID-3533-gs1j-8yby
2
vulnerability VCID-7ebn-2p3p-bfg9
3
vulnerability VCID-e63c-7p3h-f3gj
4
vulnerability VCID-uyag-gzdr-kbf9
5
vulnerability VCID-vj2t-6kre-53h6
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/etcd@3.3.23-1%3Farch=el8ost
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15113.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15113.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15113
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06346
published_at 2026-04-21T12:55:00Z
1
value 0.00023
scoring_system epss
scoring_elements 0.06194
published_at 2026-04-18T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06182
published_at 2026-04-16T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06224
published_at 2026-04-13T12:55:00Z
4
value 0.00023
scoring_system epss
scoring_elements 0.06234
published_at 2026-04-12T12:55:00Z
5
value 0.00023
scoring_system epss
scoring_elements 0.06239
published_at 2026-04-11T12:55:00Z
6
value 0.00023
scoring_system epss
scoring_elements 0.06248
published_at 2026-04-09T12:55:00Z
7
value 0.00023
scoring_system epss
scoring_elements 0.06209
published_at 2026-04-08T12:55:00Z
8
value 0.00023
scoring_system epss
scoring_elements 0.06167
published_at 2026-04-07T12:55:00Z
9
value 0.00023
scoring_system epss
scoring_elements 0.06114
published_at 2026-04-01T12:55:00Z
10
value 0.00023
scoring_system epss
scoring_elements 0.06152
published_at 2026-04-02T12:55:00Z
11
value 0.00023
scoring_system epss
scoring_elements 0.06183
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15113
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15113
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15113
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/etcd-io/etcd/commit/6be5c54c94298ae6746a574d2af8227d0c9a998b
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/commit/6be5c54c94298ae6746a574d2af8227d0c9a998b
5
reference_url https://github.com/etcd-io/etcd/commit/e5424fc474b274c9e6b5205165015bc2035745f2
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/commit/e5424fc474b274c9e6b5205165015bc2035745f2
6
reference_url https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15113
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15113
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1868870
reference_id 1868870
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1868870
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740
reference_id 968740
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740
11
reference_url https://access.redhat.com/errata/RHSA-2021:0916
reference_id RHSA-2021:0916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0916
12
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
13
reference_url https://usn.ubuntu.com/5628-1/
reference_id USN-5628-1
reference_type
scores
url https://usn.ubuntu.com/5628-1/
14
reference_url https://usn.ubuntu.com/USN-5628-2/
reference_id USN-USN-5628-2
reference_type
scores
url https://usn.ubuntu.com/USN-5628-2/
Weaknesses
0
cwe_id 281
name Improper Preservation of Permissions
description The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
1
cwe_id 285
name Improper Authorization
description The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Exploits
Severity_range_score 4.0 - 7.1
Exploitability 0.5
Weighted_severity 6.4
Risk_score 3.2
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ebn-2p3p-bfg9