Showing 1 - 1 of 1

CVE-2023-32082

Status Candidate

Overview

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds.

Related Files

Red Hat Security Advisory 2023-3441-01: Posted Jun 6, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-3441-01 - An update for etcd is now available for Red Hat OpenStack Platform 17.0 (Wallaby).; tags | advisory; systems | linux, redhat; advisories | CVE-2021-28235, CVE-2023-32082; SHA-256 | c457f8a53f373c4cb34415dccd36fda381566394bbda3f1ef70590df4705eb0b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 380 files
Ubuntu 86 files
Debian 26 files
Gentoo 18 files
tmrswrr 10 files
Ph0s 5 files
R0ckE7 5 files
Google Security Research 4 files
Rahad Chowdhury 4 files
Chizuru Toyama 3 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,910)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,831)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,615)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,131)
UNIX (9,339)
UnixWare (187)
Windows (6,606)
Other

CVE-2023-32082

Overview

Related Files

File Archive:

November 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems