CVE-2020-15113

Published: 05 Aug 2020
Source: redhat
CVSS3: 7.1
EPSS: Low

Description

In etcd before versions 3.3.23 and 3.4.10, certain directory paths (the etcd data directory, and the directory path provided for automatically generating self-signed certificates for TLS connections with clients) are created with restricted access permissions (700) using os.MkdirAll. This function does not perform any permission checks when the given directory path already exists. A possible workaround is to ensure the directories have the desired permission (700).

A flaw was found in etcd. Certain directory paths are created with restricted access permissions (700) using os.MkdirAll. This function does not perform any permission checks when the given directory path already exists.
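The behaviour described above, as an added example that is not etcd's own code: a bare os.MkdirAll call on a directory that already exists with mode 0755 returns nil and leaves the mode untouched, while a caller that stats the directory afterwards can reject it. The names ensurePrivateDir, must and demo are hypothetical, and the temporary directory is a constructed scenario.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

const privateDirMode os.FileMode = 0700 // the mode the advisory says is intended

// ensurePrivateDir (hypothetical) creates dir, then verifies the resulting mode.
func ensurePrivateDir(dir string) error {
	if err := os.MkdirAll(dir, privateDirMode); err != nil {
		return err
	}
	info, err := os.Stat(dir)
	if err != nil {
		return err
	}
	if perm := info.Mode().Perm(); perm != privateDirMode {
		return fmt.Errorf("%s: mode %04o, want %04o", dir, uint32(perm), uint32(privateDirMode))
	}
	return nil
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// demo pre-creates a 0755 "data" directory, then compares bare MkdirAll with the check.
func demo() (bareErr error, modeAfter os.FileMode, checkedErr error) {
	base, err := os.MkdirTemp("", "mkdirall-demo")
	must(err)
	defer os.RemoveAll(base)
	dir := filepath.Join(base, "data")
	must(os.Mkdir(dir, 0755))
	must(os.Chmod(dir, 0755)) // set the exact mode regardless of umask
	bareErr = os.MkdirAll(dir, privateDirMode)
	info, err := os.Stat(dir)
	must(err)
	return bareErr, info.Mode().Perm(), ensurePrivateDir(dir)
}

func main() {
	bareErr, mode, checkedErr := demo()
	fmt.Printf("bare MkdirAll: err=%v, mode left at %04o\n", bareErr, uint32(mode))
	fmt.Println("checked helper:", checkedErr)
}
```

The same stat-and-compare check can be run by an operator against an existing data directory to apply the workaround the advisory describes.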

Report

In Red Hat OpenShift Container Platform (RHOCP), the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable etcd to authenticated users only; therefore, the impact of this vulnerability is Low. A similar access restriction is in place in Red Hat OpenStack Platform (RHOSP), as etcd is limited to use within the internal API network, which is not accessible to any OpenStack tenants.

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | etcd | Not affected | | |
| Red Hat Enterprise Linux 7 | etcd | Affected | | |
| Red Hat OpenStack Platform 15 (Stein) | etcd | Fix deferred | | |
| Red Hat Storage 3 | etcd | Affected | | |
| Red Hat OpenShift Container Platform 4.8 | openshift4/ose-etcd | Fixed | RHSA-2021:2438 | 27.07.2021 |
| Red Hat OpenStack Platform 16.1 | etcd | Fixed | RHSA-2021:0916 | 17.03.2021 |

Additional information

Status: Moderate
Defect: CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=1868870 etcd: directories created via os.MkdirAll are not checked for permissions

EPSS: 0.00023 (Low), percentile: 5%

CVSS3: 7.1 High

Related vulnerabilities

CVSS3: 5.7
ubuntu
more than 5 years ago

In etcd before versions 3.3.23 and 3.4.10, certain directory paths (the etcd data directory, and the directory path provided for automatically generating self-signed certificates for TLS connections with clients) are created with restricted access permissions (700) using os.MkdirAll. This function does not perform any permission checks when the given directory path already exists. A possible workaround is to ensure the directories have the desired permission (700).

CVSS3: 5.7
nvd
more than 5 years ago

In etcd before versions 3.3.23 and 3.4.10, certain directory paths (the etcd data directory, and the directory path provided for automatically generating self-signed certificates for TLS connections with clients) are created with restricted access permissions (700) using os.MkdirAll. This function does not perform any permission checks when the given directory path already exists. A possible workaround is to ensure the directories have the desired permission (700).

CVSS3: 7.1
msrc
about 4 years ago

No description available

CVSS3: 5.7
debian
more than 5 years ago

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are ...

CVSS3: 5.7
github
about 2 years ago

Improper Preservation of Permissions in etcd
