HomePentest-Tools.com Logo

etcd < 3.3.23, 3.4.x < 3.4.10 Multiple Vulnerabilities CVE-2020-15106CVE-2020-15112CVE-2020-15113CVE-2020-15114CVE-2020-15115CVE-2020-15136

Severity
CVSSv3 Score
6.5
Vulnerability description

etcd is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist: - CVE-2020-15106: A large slice causes panic in decodeRecord method - CVE-2020-15112: An entry with large index causes panic in WAL ReadAll method - CVE-2020-15113: Directories created via os.MkdirAll are not checked for permissions - CVE-2020-15114: Gateway can include itself as an endpoint resulting in resource exhaustion - CVE-2020-15115: No minimum password length - CVE-2020-15136: Gateway TLS authentication only applies to endpoints detected in DNS SRV records

Recommendation

Update to version 3.3.23, 3.4.10 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Aug 5, 2020
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available