CVEFinder.io

CVE-2023-32082

ℹī¸ low
🔍 Scan for this CVE
Summary

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds.

CVSS Score
3.1
Low
EPSS Score
0.2
Exploit Probability
Published Date
2023-05-11
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 2.1% of all 329,778 vulnerabilities in our database.

#322,906
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Jan 24, 2025
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)
CWE-200

đŸ“Ļ Affected Products 2

Vendor Product Status Affected Versions
etcd etcd Affected
< 3.4.26
etcd etcd Affected
≥ 3.5.0 < 3.5.9

🔗 References 4

https://github.com/etcd-io/etcd/blob/main/CHANGELOG/...
Release Notes
https://github.com/etcd-io/etcd/blob/main/CHANGELOG/...
Release Notes
https://github.com/etcd-io/etcd/pull/15656
Issue Tracking Patch
https://github.com/etcd-io/etcd/security/advisories/...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-44283 đŸ”ļ medium 0.0 0.0 etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulne... 2026-05-14
CVE-2026-33343 đŸ”ļ medium 0.0 0.0 etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9,... 2026-03-26
CVE-2026-33413 ⚠ī¸ high 8.8 0.0 etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9,... 2026-03-26
CVE-2022-34038 ⚠ī¸ high 7.5 0.6 Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: t... 2023-08-22
CVE-2021-28235 ⛔ critical 9.8 0.5 Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug func... 2023-04-04
CVE-2020-15106 đŸ”ļ medium 6.5 0.1 In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is st... 2020-08-05
These CVEs affect the same products