Package details: pkg:deb/debian/etcd@3.3.25%2Bdfsg-6
purl pkg:deb/debian/etcd@3.3.25%2Bdfsg-6
Next non-vulnerable version 3.5.16-4
Latest non-vulnerable version 3.5.16-4
Risk 4.5
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-7565-6bvk-mqgx
Aliases:
CVE-2018-1099
GHSA-wf43-55jj-vwq8
DNS Rebinding in etcd
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
3.4.23-4
Affected by 2 other vulnerabilities.
VCID-my73-sc8s-3faj
Aliases:
CVE-2023-32082
GHSA-3p4g-rcw5-8298
etcd Key name can be accessed via LeaseTimeToLive API
### Impact
LeaseTimeToLive API allows access to key names (not values) associated with a lease when the `Keys` parameter is true, even if a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC).
### Patches
< v3.4.26 and < v3.5.9 are affected.
### Workarounds
No.
### Reporter
Yoni Rozenshein
3.5.16-4
Affected by 0 other vulnerabilities.
VCID-pb9m-ts3k-uban
Aliases:
CVE-2021-28235
GHSA-gmph-wf7j-9gcm
Etcd-io Improper Authentication vulnerability
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. This has been fixed in v.[3.5.8](https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md#etcd-server) and was also backported to [3.4](https://github.com/etcd-io/etcd/pull/15655) and [3.5](https://github.com/etcd-io/etcd/pull/15653).
3.5.16-4
Affected by 0 other vulnerabilities.
VCID-ud4m-y2s3-nban
Aliases:
CVE-2018-1098
GHSA-5gjm-fj42-x983
etcd Cross-site Request Forgery (CSRF)
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.
3.4.23-4
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (6)
Vulnerability Summary Aliases
VCID-15ma-yxfn-xbeu
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion
### Vulnerability type
Denial of Service
### Detail
The etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.
### References
Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf)
### For more information
If you have any questions or comments about this advisory:
* Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)
Aliases:
CVE-2020-15114
GHSA-2xhq-gv6c-p224
VCID-3533-gs1j-8yby
etcd has no minimum password length
### Vulnerability type
Access Control
### Workarounds
The etcdctl and etcd API do not enforce a specific password length during user creation or user password update operations. [It is the responsibility of the administrator to enforce these requirements](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/authentication.md#notes-on-password-strength).
### Detail
etcd does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.
### References
Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf)
### For more information
If you have any questions or comments about this advisory:
* Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)
Aliases:
CVE-2020-15115
GHSA-4993-m7g5-r9hh
VCID-7ebn-2p3p-bfg9
Improper Preservation of Permissions in etcd
### Vulnerability type
Access Controls
### Detail
etcd creates certain directory paths (the etcd data directory and the directory path provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using os.MkdirAll. This function does not perform any permission checks when a given directory path already exists.
### Specific Go Package Affected
github.com/etcd-io/etcd/pkg/fileutil
### Workarounds
Make sure these directories have the desired permissions (700).
### References
Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf)
### For more information
If you have any questions or comments about this advisory:
* Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)
Aliases:
CVE-2020-15113
GHSA-chh6-ppwq-jh92
VCID-e63c-7p3h-f3gj
Panic due to malformed WALs in go.etcd.io/etcd
### Vulnerability type
Data Validation
### Detail
The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.
### Specific Go Packages Affected
github.com/etcd-io/etcd/wal
### References
Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf)
### For more information
If you have any questions or comments about this advisory:
* Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)
Aliases:
CVE-2020-15106
GHSA-p4g4-wgrh-qrg2
VCID-uyag-gzdr-kbf9
etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic
### Vulnerability type
Data Validation
### Detail
In the ReadAll method in wal/wal.go, it is possible to have an entry index greater than the number of entries. This could cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.
### References
Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf)
### For more information
If you have any questions or comments about this advisory:
* Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md)
Aliases:
CVE-2020-15112
GHSA-m332-53r6-2w93
VCID-vj2t-6kre-53h6
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
### Vulnerability type
Cryptography
### Workarounds
Refer to the [gateway documentation](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md). The vulnerability was spotted due to unclear documentation of how the gateway handles endpoint validation.
### Detail
When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. The auditors have noted that appropriate documentation of this validation functionality plus deprecation of this misleading functionality is an acceptable path forward.
### References
Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf)
### For more information
If you have any questions or comments about this advisory:
* Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)
Aliases:
CVE-2020-15136
GHSA-wr2v-9rpq-c35q

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:53:54.478574+00:00 Debian Importer Affected by VCID-7565-6bvk-mqgx https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:03:47.915603+00:00 Debian Importer Affected by VCID-my73-sc8s-3faj https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:37:32.740332+00:00 Debian Importer Affected by VCID-pb9m-ts3k-uban https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:52:06.525507+00:00 Debian Importer Affected by VCID-ud4m-y2s3-nban https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-15T23:13:48.205828+00:00 Debian Oval Importer Fixing VCID-uyag-gzdr-kbf9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:00:44.011950+00:00 Debian Oval Importer Fixing VCID-e63c-7p3h-f3gj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T22:59:40.053943+00:00 Debian Oval Importer Fixing VCID-15ma-yxfn-xbeu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T22:54:56.082055+00:00 Debian Oval Importer Fixing VCID-7ebn-2p3p-bfg9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:20:46.153729+00:00 Debian Oval Importer Fixing VCID-3533-gs1j-8yby https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:53:00.922067+00:00 Debian Oval Importer Fixing VCID-vj2t-6kre-53h6 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-13T08:51:19.927331+00:00 Debian Importer Affected by VCID-7565-6bvk-mqgx https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:14:35.041904+00:00 Debian Importer Affected by VCID-my73-sc8s-3faj https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:10:54.328534+00:00 Debian Importer Affected by VCID-pb9m-ts3k-uban https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:35:56.455975+00:00 Debian Importer Affected by VCID-ud4m-y2s3-nban https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T22:49:35.904928+00:00 Debian Oval Importer Fixing VCID-uyag-gzdr-kbf9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:36:59.054495+00:00 Debian Oval Importer Fixing VCID-e63c-7p3h-f3gj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:35:56.815249+00:00 Debian Oval Importer Fixing VCID-15ma-yxfn-xbeu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:31:22.532491+00:00 Debian Oval Importer Fixing VCID-7ebn-2p3p-bfg9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:04:02.760413+00:00 Debian Oval Importer Fixing VCID-3533-gs1j-8yby https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:38:59.570808+00:00 Debian Oval Importer Fixing VCID-vj2t-6kre-53h6 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T22:24:13.969704+00:00 Debian Oval Importer Fixing VCID-uyag-gzdr-kbf9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:12:18.184148+00:00 Debian Oval Importer Fixing VCID-e63c-7p3h-f3gj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:11:18.369054+00:00 Debian Oval Importer Fixing VCID-15ma-yxfn-xbeu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:06:56.733320+00:00 Debian Oval Importer Fixing VCID-7ebn-2p3p-bfg9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:48:25.855062+00:00 Debian Oval Importer Fixing VCID-3533-gs1j-8yby https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:26:23.756215+00:00 Debian Oval Importer Fixing VCID-vj2t-6kre-53h6 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-02T17:16:31.964392+00:00 Debian Importer Affected by VCID-7565-6bvk-mqgx https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:13:37.996811+00:00 Debian Importer Affected by VCID-my73-sc8s-3faj https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:08:49.862931+00:00 Debian Importer Affected by VCID-pb9m-ts3k-uban https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:06:12.377189+00:00 Debian Importer Affected by VCID-ud4m-y2s3-nban https://security-tracker.debian.org/tracker/data/json 38.1.0