Skip to main content

Etcd

11 CVEs product

Monthly

CVE-2026-59818 HIGH PATCH This Week

Certificate revocation bypass in etcd affects clusters running versions before 3.5.32 and before 3.6.13 that are configured with --listen-client-http-urls to serve HTTP and gRPC client traffic on separate listeners. In that split-listener mode the --client-crl-file Certificate Revocation List is silently ignored on the gRPC listener, so a client presenting a certificate the operator has explicitly revoked can still complete mutual-TLS authentication and gain full read/write access to the key-value store. There is no public exploit identified at time of analysis and EPSS is low (0.36%), but the technical impact is total for anyone relying on CRL-based deauthorization.

Information Disclosure Etcd
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-32082 Go MEDIUM PATCH This Month

etcd is a distributed key-value store for the data of a distributed system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Etcd
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-28235 Go CRITICAL Act Now

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Etcd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-15136 Go MEDIUM PATCH This Month

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Etcd Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-15114 Go HIGH PATCH This Week

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Etcd Fedora
NVD GitHub
CVSS 3.1
7.7
EPSS
1.2%
CVE-2020-15115 Go HIGH PATCH This Week

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Etcd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-15113 Go HIGH PATCH This Week

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Etcd Fedora
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-15112 Go MEDIUM PATCH This Month

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Etcd Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15106 Go MEDIUM PATCH This Month

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Etcd Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2018-1099 Go MEDIUM POC PATCH This Month

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Etcd Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-1098 Go HIGH POC PATCH This Week

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Etcd Fedora
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Certificate revocation bypass in etcd affects clusters running versions before 3.5.32 and before 3.6.13 that are configured with --listen-client-http-urls to serve HTTP and gRPC client traffic on separate listeners. In that split-listener mode the --client-crl-file Certificate Revocation List is silently ignored on the gRPC listener, so a client presenting a certificate the operator has explicitly revoked can still complete mutual-TLS authentication and gain full read/write access to the key-value store. There is no public exploit identified at time of analysis and EPSS is low (0.36%), but the technical impact is total for anyone relying on CRL-based deauthorization.

Information Disclosure Etcd
NVD GitHub VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

etcd is a distributed key-value store for the data of a distributed system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Etcd
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Etcd
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Etcd Fedora
NVD GitHub
EPSS 1% CVSS 7.7
HIGH PATCH This Week

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Etcd Fedora
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Etcd +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Etcd Fedora
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Etcd Fedora
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Etcd Fedora
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Etcd Fedora
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Etcd Fedora
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy