CVE-2023-32082 @ Go-go.etcd.io/etcd/server/v3-v3.5.0

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/CVE-2023-32082) about CVE-2023-32082
**Applications:** [yael's application](https://deu.ast.checkmarx.net/applicationsAndProjects/applications?app=8af7454f-f6db-425f-a9a1-fb019c2f2cc7) 
**Checkmarx Project:** [Yoavast/CX\-AST](https://deu.ast.checkmarx.net/projects/41a8cb3d-c55b-472e-9595-36746c7958b7/overview?branch=main)
**Repository URL:** [https://github.com/Yoavast/CX\-AST](https://github.com/Yoavast/CX-AST)
**Branch:** main
**Severity:** MEDIUM
**State:** TO_VERIFY
**Status:** RECURRENT
**Scan ID:** [b70b7227\-90db\-4075\-88cb\-4c196077be97](https://deu.ast.checkmarx.net/projects/41a8cb3d-c55b-472e-9595-36746c7958b7/scans?id=b70b7227-90db-4075-88cb-4c196077be97&branch=main)


----
The package etcd is a distributed key-value store for the data of a distributed system. In versions prior to 3.4.26, 3.5.x prior to 3.5.9, and 3.6.0-alpha.0 the "LeaseTimeToLive" API allows access to key names (not value) associated with a lease when "Keys" parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster that enables auth (RBAC).





----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** LOW
**Availability impact:** NONE
**Remediation Upgrade Recommendation:** v3.5.9


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2023-32082 @ Go-go.etcd.io/etcd/server/v3-v3.5.0 #111

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2023-32082 @ Go-go.etcd.io/etcd/server/v3-v3.5.0 #111

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions