Search for packages
| purl | pkg:rpm/redhat/etcd@3.4.26-1?arch=el9ost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-my73-sc8s-3faj
Aliases: CVE-2023-32082 GHSA-3p4g-rcw5-8298 |
etcd Key name can be accessed via LeaseTimeToLive API ### Impact LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). ### Patches < v3.4.26 and < v3.5.9 are affected. ### Workarounds No. ### Reporter Yoni Rozenshein | There are no reported fixed by versions. |
|
VCID-pb9m-ts3k-uban
Aliases: CVE-2021-28235 GHSA-gmph-wf7j-9gcm |
Etcd-io Improper Authentication vulnerability Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. This has been fixed in v.[3.5.8](https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md#etcd-server) and was also backported to [3.4](https://github.com/etcd-io/etcd/pull/15655) and [3.5](https://github.com/etcd-io/etcd/pull/15653). | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:54:32.043577+00:00 | RedHat Importer | Affected by | VCID-pb9m-ts3k-uban | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28235.json | 38.0.0 |
| 2026-04-01T13:53:55.360452+00:00 | RedHat Importer | Affected by | VCID-my73-sc8s-3faj | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32082.json | 38.0.0 |