etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-05-11T19:22:56.442Z

Updated: 2024-08-02T15:03:29.172Z

Reserved: 2023-05-01T16:47:35.316Z

Link: CVE-2023-32082

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-05-11T20:15:09.500

Modified: 2024-11-21T08:02:40.597

Link: CVE-2023-32082

cve-icon Redhat

Severity : Low

Publid Date: 2023-05-11T00:00:00Z

Links: CVE-2023-32082 - Bugzilla