GHSA-gmph-wf7j-9gcm

Suggest an improvement
Source
https://github.com/advisories/GHSA-gmph-wf7j-9gcm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-gmph-wf7j-9gcm/GHSA-gmph-wf7j-9gcm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-gmph-wf7j-9gcm
Aliases
Published
2023-04-04T15:30:27Z
Modified
2023-12-06T00:45:59.224589Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Etcd-io Improper Authentication vulnerability
Details

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.

This has been fixed in v.3.5.8 and was also backported to 3.4 and 3.5.

References

Affected packages

Go / go.etcd.io/etcd/v3

Package

Name
go.etcd.io/etcd/v3
View open source insights on deps.dev
Purl
pkg:golang/go.etcd.io/etcd/v3

Affected ranges

Affected versions

3.*

3.4.10