CVE-2020-15115

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "32"
                }
            ],
            "vendor_product": "fedoraproject:fedora"
        }
    ]
}

References

Affected packages

Git / github.com/etcd-io/etcd

Affected ranges

Type

GIT

Repo

https://github.com/etcd-io/etcd

Events

Introduced

c23606781f63d09917a1e7abfcefeb337a9608ea

Fixed

4873f5516bd98c82dddb81247038337f25abac4e

Introduced

898bd1351fcf6e0ebce8d7c8bbbbf3f3e42aa42c

Fixed

18dfb9cca345bb2b2fbe73d5fc31028c2477bef1

Database specific

{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.23"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.10"
        }
    ],
    "cpe": "cpe:2.3:a:redhat:etcd:*:*:*:*:*:*:*:*"
}

Affected versions

v3.*

v3.3.0

v3.3.1

v3.3.10

v3.3.11

v3.3.12

v3.3.13

v3.3.14

v3.3.14-beta.0

v3.3.14-rc.0

v3.3.15

v3.3.16

v3.3.17

v3.3.18

v3.3.19

v3.3.2

v3.3.20

v3.3.21

v3.3.22

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7

v3.4.8

v3.4.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15115.json"