{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","type":"deb","namespace":"debian","name":"etcd","version":"3.4.23-4","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.4.30-1","latest_non_vulnerable_version":"3.5.16-11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66662?format=json","vulnerability_id":"VCID-atan-a5vx-8beb","summary":"etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user without sufficient read or lease-related permissions may be able to access unauthorized data or attach leases by invoking transaction operations with these features enabled. This vulnerability is fixed in 3.4.44, 3.5.30, and 3.6.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44283","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01751","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0176","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01763","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01746","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01757","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44283"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-x35m-3gp4-4fh5","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-16T00:40:39Z/"}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-x35m-3gp4-4fh5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44283","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44283"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136829","reference_id":"1136829","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136829"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2026-44283","GHSA-x35m-3gp4-4fh5"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atan-a5vx-8beb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64287?format=json","vulnerability_id":"VCID-nrsb-6br9-pkdt","summary":"etcd: etcd: Authorization bypass allows information disclosure and denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33413.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33413.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33413","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11959","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12064","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1206","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12023","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11948","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33413"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33413","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33413"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:51:34Z/"}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33413","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33413"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132038","reference_id":"1132038","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132038"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451728","reference_id":"2451728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21769","reference_id":"RHSA-2026:21769","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22347","reference_id":"RHSA-2026:22347","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22347"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23345","reference_id":"RHSA-2026:23345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23345"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2026-33413","GHSA-q8m4-xhhv-38mg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrsb-6br9-pkdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66659?format=json","vulnerability_id":"VCID-se4h-nfhg-jqh2","summary":"Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.","references":[{"reference_url":"http://etcd.com","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-14T17:24:41Z/"}],"url":"http://etcd.com"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28235.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28235.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28235","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56853","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56902","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56884","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56899","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56911","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56904","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28235"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28235"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-14T17:24:41Z/"}],"url":"https://github.com/etcd-io/etcd"},{"reference_url":"https://github.com/etcd-io/etcd/pull/15648","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-14T17:24:41Z/"}],"url":"https://github.com/etcd-io/etcd/pull/15648"},{"reference_url":"https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.png","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-14T17:24:41Z/"}],"url":"https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.png"},{"reference_url":"https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj.png","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-14T17:24:41Z/"}],"url":"https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj.png"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28235","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28235"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034840","reference_id":"1034840","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034840"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2184441","reference_id":"2184441","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2184441"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3441","reference_id":"RHSA-2023:3441","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3441"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3445","reference_id":"RHSA-2023:3445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3447","reference_id":"RHSA-2023:3447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3447"},{"reference_url":"https://usn.ubuntu.com/6189-1/","reference_id":"USN-6189-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6189-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93603?format=json","purl":"pkg:deb/debian/etcd@3.4.30-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.30-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2021-28235","GHSA-gmph-wf7j-9gcm"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-se4h-nfhg-jqh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64288?format=json","vulnerability_id":"VCID-upwc-wds5-8kfq","summary":"etcd: etcd: Authorization bypass allows information disclosure via nested transactions","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33343.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33343.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33343","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0622","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0627","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06259","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06253","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06208","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33343"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-rfx7-8w68-q57q","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:13:49Z/"}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-rfx7-8w68-q57q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33343","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33343"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132037","reference_id":"1132037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132037"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451727","reference_id":"2451727","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451727"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2026-33343","GHSA-rfx7-8w68-q57q"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upwc-wds5-8kfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66661?format=json","vulnerability_id":"VCID-xfyh-smm7-x7ds","summary":"etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32082.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32082","reference_id":"","reference_type":"","scores":[{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58471","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5848","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64675","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64657","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64667","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32082"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd"},{"reference_url":"https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.4.md","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T21:29:19Z/"}],"url":"https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.4.md"},{"reference_url":"https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T21:29:19Z/"}],"url":"https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md"},{"reference_url":"https://github.com/etcd-io/etcd/pull/15656","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T21:29:19Z/"}],"url":"https://github.com/etcd-io/etcd/pull/15656"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-3p4g-rcw5-8298","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T21:29:19Z/"}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-3p4g-rcw5-8298"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32082","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32082"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036295","reference_id":"1036295","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036295"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2208131","reference_id":"2208131","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2208131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3441","reference_id":"RHSA-2023:3441","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3441"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93603?format=json","purl":"pkg:deb/debian/etcd@3.4.30-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.30-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2023-32082","GHSA-3p4g-rcw5-8298"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xfyh-smm7-x7ds"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66653?format=json","vulnerability_id":"VCID-9taf-ce3j-3ke4","summary":"In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15106.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15106.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15106","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35167","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35146","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3518","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35203","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35218","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35107","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15106"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd"},{"reference_url":"https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf"},{"reference_url":"https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675"},{"reference_url":"https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07"},{"reference_url":"https://github.com/etcd-io/etcd/pull/11793","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/pull/11793"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15106","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15106"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0005","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2020-0005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868883","reference_id":"1868883","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868883"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740","reference_id":"968740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0916","reference_id":"RHSA-2021:0916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1407","reference_id":"RHSA-2021:1407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"},{"reference_url":"https://usn.ubuntu.com/5628-1/","reference_id":"USN-5628-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5628-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5628-2/","reference_id":"USN-USN-5628-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5628-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2020-15106","GHSA-p4g4-wgrh-qrg2"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9taf-ce3j-3ke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66655?format=json","vulnerability_id":"VCID-9y9x-6m28-73f8","summary":"In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15113.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15113","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07178","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07157","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07215","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07176","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07209","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07201","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15113"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd/commit/6be5c54c94298ae6746a574d2af8227d0c9a998b","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/6be5c54c94298ae6746a574d2af8227d0c9a998b"},{"reference_url":"https://github.com/etcd-io/etcd/commit/e5424fc474b274c9e6b5205165015bc2035745f2","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/e5424fc474b274c9e6b5205165015bc2035745f2"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15113","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15113"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868870","reference_id":"1868870","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868870"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740","reference_id":"968740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0916","reference_id":"RHSA-2021:0916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"},{"reference_url":"https://usn.ubuntu.com/5628-1/","reference_id":"USN-5628-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5628-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5628-2/","reference_id":"USN-USN-5628-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5628-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2020-15113","GHSA-chh6-ppwq-jh92"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9y9x-6m28-73f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66654?format=json","vulnerability_id":"VCID-crkw-h7ga-bbdh","summary":"In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15112.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15112","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29433","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29419","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29452","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29485","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29523","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29454","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15112","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15112"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd"},{"reference_url":"https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf"},{"reference_url":"https://github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865"},{"reference_url":"https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07"},{"reference_url":"https://github.com/etcd-io/etcd/pull/11793","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/pull/11793"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15112","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15112"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2020-0005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868872","reference_id":"1868872","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868872"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740","reference_id":"968740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0916","reference_id":"RHSA-2021:0916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1407","reference_id":"RHSA-2021:1407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"},{"reference_url":"https://usn.ubuntu.com/5628-1/","reference_id":"USN-5628-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5628-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5628-2/","reference_id":"USN-USN-5628-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5628-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2020-15112","GHSA-m332-53r6-2w93"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-crkw-h7ga-bbdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66652?format=json","vulnerability_id":"VCID-fnr2-n5dv-buhw","summary":"etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0237","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1352","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1352"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16886.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16886.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16886","reference_id":"","reference_type":"","scores":[{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65766","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65713","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65772","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65777","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65764","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65754","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16886"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16886","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16886"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd"},{"reference_url":"https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication"},{"reference_url":"https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication"},{"reference_url":"https://github.com/etcd-io/etcd/commit/0191509637546621d6f2e18e074e955ab8ef374d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/0191509637546621d6f2e18e074e955ab8ef374d"},{"reference_url":"https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2"},{"reference_url":"https://github.com/etcd-io/etcd/pull/10366","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/pull/10366"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16886","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16886"},{"reference_url":"https://pkg.go.dev/vuln/GO-2021-0077","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2021-0077"},{"reference_url":"http://www.securityfocus.com/bid/106540","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106540"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1651034","reference_id":"1651034","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1651034"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923008","reference_id":"923008","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923008"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93601?format=json","purl":"pkg:deb/debian/etcd@3.2.26%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.2.26%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2018-16886","GHSA-h6xx-pmxh-3wgp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnr2-n5dv-buhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66656?format=json","vulnerability_id":"VCID-jaw8-vgd4-7fhx","summary":"In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15114.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15114.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15114","reference_id":"","reference_type":"","scores":[{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61855","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61808","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61857","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61865","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61854","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61839","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15114"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15114","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15114"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868874","reference_id":"1868874","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868874"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740","reference_id":"968740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0916","reference_id":"RHSA-2021:0916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"},{"reference_url":"https://usn.ubuntu.com/5628-1/","reference_id":"USN-5628-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5628-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5628-2/","reference_id":"USN-USN-5628-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5628-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2020-15114","GHSA-2xhq-gv6c-p224"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jaw8-vgd4-7fhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66650?format=json","vulnerability_id":"VCID-mbzg-a4tu-vffe","summary":"A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1098.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1098.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1098","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49828","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.4981","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.4984","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49786","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49858","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49849","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1098"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1552714","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1552714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1098"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56"},{"reference_url":"https://github.com/coreos/etcd/issues/9353","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coreos/etcd/issues/9353"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1098","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1098"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921156","reference_id":"921156","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921156"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93597?format=json","purl":"pkg:deb/debian/etcd@3.4.23-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2018-1098","GHSA-5gjm-fj42-x983"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbzg-a4tu-vffe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66651?format=json","vulnerability_id":"VCID-thzb-abv9-nud7","summary":"DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1099.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1099.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1099","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20895","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21001","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20892","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20956","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20939","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21014","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1099"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1552717","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1552717"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1099"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56"},{"reference_url":"https://github.com/coreos/etcd/issues/9353","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coreos/etcd/issues/9353"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1099","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1099"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921156","reference_id":"921156","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921156"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93597?format=json","purl":"pkg:deb/debian/etcd@3.4.23-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2018-1099","GHSA-wf43-55jj-vwq8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-thzb-abv9-nud7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66657?format=json","vulnerability_id":"VCID-tm69-kt83-fua5","summary":"etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15115.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15115","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53696","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53719","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53732","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53723","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53665","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15115"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15115","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15115"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868878","reference_id":"1868878","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868878"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740","reference_id":"968740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0916","reference_id":"RHSA-2021:0916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0916"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2020-15115","GHSA-4993-m7g5-r9hh"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tm69-kt83-fua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66658?format=json","vulnerability_id":"VCID-ufhh-752s-ruaj","summary":"In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15136.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15136.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15136","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54357","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54302","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54359","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54368","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54356","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54335","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15136"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15136","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15136"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868880","reference_id":"1868880","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868880"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968752","reference_id":"968752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0916","reference_id":"RHSA-2021:0916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2020-15136","GHSA-wr2v-9rpq-c35q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufhh-752s-ruaj"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"}