Go modules package
github.com/etcd-io/etcd
pkg:golang/github.com/etcd-io/etcd
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-32082 | — | < 3.4.26 | 3.4.26 | May 11, 2023 | etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys | ||
| CVE-2020-15113 | — | >= 3.4.0-rc.0, < 3.4.10 | 3.4.10 | Aug 5, 2020 | In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.M |
- CVE-2023-32082May 11, 2023affected < 3.4.26fixed 3.4.26
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys
- CVE-2020-15113Aug 5, 2020affected >= 3.4.0-rc.0, < 3.4.10fixed 3.4.10
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.M