{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","type":"deb","namespace":"debian","name":"etcd","version":"3.3.25+dfsg-5","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.4.23-1","latest_non_vulnerable_version":"3.5.16-11","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66653?format=json","vulnerability_id":"VCID-9taf-ce3j-3ke4","summary":"In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15106.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15106.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15106","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35167","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35146","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3518","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35203","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35218","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35107","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15106"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd"},{"reference_url":"https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf"},{"reference_url":"https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675"},{"reference_url":"https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07"},{"reference_url":"https://github.com/etcd-io/etcd/pull/11793","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/pull/11793"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15106","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15106"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0005","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2020-0005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868883","reference_id":"1868883","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868883"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740","reference_id":"968740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0916","reference_id":"RHSA-2021:0916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1407","reference_id":"RHSA-2021:1407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"},{"reference_url":"https://usn.ubuntu.com/5628-1/","reference_id":"USN-5628-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5628-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5628-2/","reference_id":"USN-USN-5628-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5628-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2020-15106","GHSA-p4g4-wgrh-qrg2"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9taf-ce3j-3ke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66655?format=json","vulnerability_id":"VCID-9y9x-6m28-73f8","summary":"In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15113.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15113","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07178","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07157","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07215","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07176","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07209","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07201","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15113"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd/commit/6be5c54c94298ae6746a574d2af8227d0c9a998b","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/6be5c54c94298ae6746a574d2af8227d0c9a998b"},{"reference_url":"https://github.com/etcd-io/etcd/commit/e5424fc474b274c9e6b5205165015bc2035745f2","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/e5424fc474b274c9e6b5205165015bc2035745f2"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15113","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15113"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868870","reference_id":"1868870","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868870"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740","reference_id":"968740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0916","reference_id":"RHSA-2021:0916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"},{"reference_url":"https://usn.ubuntu.com/5628-1/","reference_id":"USN-5628-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5628-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5628-2/","reference_id":"USN-USN-5628-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5628-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2020-15113","GHSA-chh6-ppwq-jh92"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9y9x-6m28-73f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66654?format=json","vulnerability_id":"VCID-crkw-h7ga-bbdh","summary":"In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15112.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15112","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29433","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29419","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29452","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29485","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29523","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29454","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15112","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15112"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd"},{"reference_url":"https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf"},{"reference_url":"https://github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865"},{"reference_url":"https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07"},{"reference_url":"https://github.com/etcd-io/etcd/pull/11793","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/pull/11793"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15112","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15112"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2020-0005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868872","reference_id":"1868872","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868872"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740","reference_id":"968740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0916","reference_id":"RHSA-2021:0916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1407","reference_id":"RHSA-2021:1407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"},{"reference_url":"https://usn.ubuntu.com/5628-1/","reference_id":"USN-5628-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5628-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5628-2/","reference_id":"USN-USN-5628-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5628-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2020-15112","GHSA-m332-53r6-2w93"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-crkw-h7ga-bbdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66656?format=json","vulnerability_id":"VCID-jaw8-vgd4-7fhx","summary":"In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15114.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15114.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15114","reference_id":"","reference_type":"","scores":[{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61855","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61808","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61857","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61865","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61854","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61839","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15114"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15114","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15114"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868874","reference_id":"1868874","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868874"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740","reference_id":"968740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0916","reference_id":"RHSA-2021:0916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"},{"reference_url":"https://usn.ubuntu.com/5628-1/","reference_id":"USN-5628-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5628-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5628-2/","reference_id":"USN-USN-5628-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5628-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2020-15114","GHSA-2xhq-gv6c-p224"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jaw8-vgd4-7fhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66657?format=json","vulnerability_id":"VCID-tm69-kt83-fua5","summary":"etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15115.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15115","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53696","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53719","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53732","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53723","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53665","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15115"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15115","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15115"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868878","reference_id":"1868878","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868878"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740","reference_id":"968740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0916","reference_id":"RHSA-2021:0916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0916"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2020-15115","GHSA-4993-m7g5-r9hh"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tm69-kt83-fua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66658?format=json","vulnerability_id":"VCID-ufhh-752s-ruaj","summary":"In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15136.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15136.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15136","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54357","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54302","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54359","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54368","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54356","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54335","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15136"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md"},{"reference_url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15136","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15136"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868880","reference_id":"1868880","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868880"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968752","reference_id":"968752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0916","reference_id":"RHSA-2021:0916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93602?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93595?format=json","purl":"pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-mbzg-a4tu-vffe"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-thzb-abv9-nud7"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93596?format=json","purl":"pkg:deb/debian/etcd@3.4.23-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-se4h-nfhg-jqh2"},{"vulnerability":"VCID-upwc-wds5-8kfq"},{"vulnerability":"VCID-xfyh-smm7-x7ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93600?format=json","purl":"pkg:deb/debian/etcd@3.5.16-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93598?format=json","purl":"pkg:deb/debian/etcd@3.5.16-10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atan-a5vx-8beb"},{"vulnerability":"VCID-nrsb-6br9-pkdt"},{"vulnerability":"VCID-upwc-wds5-8kfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93599?format=json","purl":"pkg:deb/debian/etcd@3.5.16-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-11%3Fdistro=trixie"}],"aliases":["CVE-2020-15136","GHSA-wr2v-9rpq-c35q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufhh-752s-ruaj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie"}