rpm package
opensuse/etcd-for-k8s1.32&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/etcd-for-k8s1.32&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45339 | Hig | 7.1 | < 3.5.24-1.1 | 3.5.24-1.1 | Jan 28, 2025 | When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and | |
| CVE-2021-20329 | — | < 3.5.24-1.1 | 3.5.24-1.1 | Jun 10, 2021 | Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO D |
- affected < 3.5.24-1.1fixed 3.5.24-1.1
When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and
- CVE-2021-20329Jun 10, 2021affected < 3.5.24-1.1fixed 3.5.24-1.1
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO D