VulnerableCode Package Details - pkg:deb/debian/etcd@3.5.16-4

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-my73-sc8s-3faj	etcd Key name can be accessed via LeaseTimeToLive API ### Impact LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). ### Patches < v3.4.26 and < v3.5.9 are affected. ### Workarounds No. ### Reporter Yoni Rozenshein	CVE-2023-32082 GHSA-3p4g-rcw5-8298
VCID-pb9m-ts3k-uban	Etcd-io Improper Authentication vulnerability Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. This has been fixed in v.[3.5.8](https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md#etcd-server) and was also backported to [3.4](https://github.com/etcd-io/etcd/pull/15655) and [3.5](https://github.com/etcd-io/etcd/pull/15653).	CVE-2021-28235 GHSA-gmph-wf7j-9gcm

Vulnerability

Summary

Aliases

VCID-my73-sc8s-3faj

etcd Key name can be accessed via LeaseTimeToLive API ### Impact LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). ### Patches < v3.4.26 and < v3.5.9 are affected. ### Workarounds No. ### Reporter Yoni Rozenshein

CVE-2023-32082
GHSA-3p4g-rcw5-8298

VCID-pb9m-ts3k-uban

Etcd-io Improper Authentication vulnerability Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. This has been fixed in v.[3.5.8](https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md#etcd-server) and was also backported to [3.4](https://github.com/etcd-io/etcd/pull/15655) and [3.5](https://github.com/etcd-io/etcd/pull/15653).

CVE-2021-28235
GHSA-gmph-wf7j-9gcm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:03:47.923628+00:00	Debian Importer	Fixing	VCID-my73-sc8s-3faj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:37:32.747714+00:00	Debian Importer	Fixing	VCID-pb9m-ts3k-uban	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:14:35.049533+00:00	Debian Importer	Fixing	VCID-my73-sc8s-3faj	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:10:54.336320+00:00	Debian Importer	Fixing	VCID-pb9m-ts3k-uban	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:13:38.004890+00:00	Debian Importer	Fixing	VCID-my73-sc8s-3faj	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:49.871960+00:00	Debian Importer	Fixing	VCID-pb9m-ts3k-uban	https://security-tracker.debian.org/tracker/data/json	38.1.0