Lucene search
PRIOn knowledge basePRION:CVE-2023-32082HistoryMay 11, 2023 - 8:15 p.m.
Code injection
2023-05-1120:15:00
PRIOn knowledge base
www.prio-n.com
16
etcd
leasetimetolive
code injection
key-value store
distributed system
rbac
auth
security issue
fix
nvd
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when Keys parameter is true, even a user doesn’t have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds.
Related
cbl_mariner
cbl_mariner
CVE-2023-32082 affecting package etcd for versions less than 3.5.3-10
2023-02-14 20:24:03
nvd
nvd
CVE-2023-32082
2023-05-11 20:15:09
veracode
veracode
Information Disclosure
2023-05-17 05:21:49
ubuntucve
ubuntucve
CVE-2023-32082
2023-05-11 00:00:00
osv
osv
etcd Key name can be accessed via LeaseTimeToLive API
2023-05-12 20:19:50
BIT-etcd-2023-32082
2024-03-06 10:51:44
CVE-2023-32082
2023-05-11 20:15:09
github
github
etcd Key name can be accessed via LeaseTimeToLive API
2023-05-12 20:19:50
cve
cve
CVE-2023-32082
2023-05-11 20:15:09
debiancve
debiancve
CVE-2023-32082
2023-05-11 20:15:09
openvas
openvas
cvelist
cvelist
CVE-2023-32082 etcd key name can be accessed via LeaseTimeToLive API
2023-05-11 19:22:56
redhatcve
redhatcve
CVE-2023-32082
2023-05-18 04:27:32
photon
photon
Moderate Photon OS Security Update - PHSA-2023-4.0-0398
2023-05-25 00:00:00
Moderate Photon OS Security Update - PHSA-2023-5.0-0012
2023-05-26 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0586
2023-05-25 00:00:00
nessus
nessus
RHEL 9 : Red Hat OpenStack Platform 17.0 (etcd) (RHSA-2023:3441)
2024-04-28 00:00:00
RHEL 7 : etcd (Unpatched Vulnerability)
2024-05-11 00:00:00
redhat
redhat