vulnerability

Debian: CVE-2020-15113: etcd -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:L/Au:N/C:P/I:P/A:N)	2020-08-05	2024-07-30	2024-07-30

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:N)

Published

2020-08-05

Added

2024-07-30

Modified

2024-07-30

Description

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700).

Solution

debian-upgrade-etcd

References

CVE-2020-15113
https://attackerkb.com/topics/CVE-2020-15113

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today