Vulnerability Information
Vulnerability Title
etcd key name can be accessed via LeaseTimeToLive API
Vulnerability Description
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to the key names (not the values) associated with a lease when the `Keys` parameter is true, even if the user doesn't have read permission on those keys. The impact is limited to clusters that have auth (RBAC) enabled. Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
etcd information disclosure vulnerability
Vulnerability Description
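etcd is a key-value storage system for distributed systems, written in Go. etcd versions from 3.4 up to but not including 3.4.26, and from 3.5 up to but not including 3.5.9, contain an information disclosure vulnerability, which stems from key names being accessible through the LeaseTimeToLive API.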
CVSS Information
N/A
Vulnerability Type
N/A
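A triage check for the conditions the two descriptions above give (auth enabled, release earlier than 3.4.26 or 3.5.9), added here as an example and not part of the advisory or of etcd's code. The function name `Exposed`, the sample version strings and the handling of release lines other than 3.4 and 3.5 are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// First fixed patch per 3.x minor line, from the advisory text (3.4.26, 3.5.9).
var fixedPatch = map[int]int{4: 26, 5: 9}

// parse splits "v3.5.8" or "3.5.9-rc.1" into numbers plus a pre-release flag.
func parse(s string) (v [3]int, pre bool, err error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		pre = s[i] == '-' // "-rc.1" sorts before the final release
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return v, pre, fmt.Errorf("unexpected version %q", s)
	}
	for i, p := range parts {
		if v[i], err = strconv.Atoi(p); err != nil {
			return v, pre, err
		}
	}
	return v, pre, nil
}

// Exposed reports whether a member meets both conditions: auth on, unfixed release.
func Exposed(version string, authEnabled bool) (bool, error) {
	v, pre, err := parse(version)
	if err != nil || v[0] != 3 {
		return false, fmt.Errorf("unsupported etcd version %q", version)
	}
	fix, known := fixedPatch[v[1]]
	switch {
	case !authEnabled: // advisory: impact limited to clusters with auth (RBAC)
		return false, nil
	case !known:
		// Assumption: lines older than 3.4 never got a fix; 3.6+ postdate it.
		return v[1] < 4, nil
	}
	return v[2] < fix || (v[2] == fix && pre), nil
}

func main() {
	fmt.Println(Exposed("3.5.8", true)) // constructed sample input
}
```

Feed it the server version each member reports and whether auth is enabled on the cluster; an error return means the version string needs a manual look.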