Vulnerabilities > Etcd

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2022-34038 Out-of-bounds Write vulnerability in Etcd 3.5.4
Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go.
network
low complexity
etcd CWE-787
7.5
2023-05-11 CVE-2023-32082 Unspecified vulnerability in Etcd
etcd is a distributed key-value store for the data of a distributed system.
network
low complexity
etcd
4.3
2023-04-04 CVE-2021-28235 Improper Authentication vulnerability in Etcd 3.4.10
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
network
low complexity
etcd CWE-287
critical
9.8
2020-08-05 CVE-2020-15113 Improper Preservation of Permissions vulnerability in multiple products
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll.
local
low complexity
etcd fedoraproject CWE-281
7.1
2020-08-05 CVE-2020-15112 Improper Validation of Array Index vulnerability in multiple products
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go.
network
low complexity
etcd fedoraproject CWE-129
6.5
2020-08-05 CVE-2020-15106 In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method.
network
low complexity
etcd fedoraproject
6.5
2019-01-14 CVE-2018-16886 Improper Authentication vulnerability in multiple products
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled.
network
high complexity
etcd redhat fedoraproject CWE-287
8.1