Open mend-bolt-for-github[bot] opened 2 years ago
github.com/etcd-io/etcd/etcdserver/api-v3.4.3
Distributed reliable key-value store for the most critical data of a distributed system
Dependency Hierarchy: - k8s.io/apiextensions-apiserver/pkg/registry/customresource-v0.0.0 (Root Library) - k8s.io/apiserver/pkg/registry/generic-v0.0.0 - k8s.io/apiserver/pkg/storage-v0.0.0 - github.com/etcd-io/etcd-v3.4.3 - github.com/etcd-io/etcd/etcdserver/api/v3rpc-v3.4.3 - :x: **github.com/etcd-io/etcd/etcdserver/api-v3.4.3** (Vulnerable Library)
Dependency Hierarchy: - :x: **github.com/etcd-io/etcd-v3.4.3** (Vulnerable Library)
Dependency Hierarchy: - k8s.io/apiextensions-apiserver/pkg/registry/customresource-v0.0.0 (Root Library) - k8s.io/apiserver/pkg/registry/generic-v0.0.0 - k8s.io/apiserver/pkg/storage-v0.0.0 - github.com/etcd-io/etcd-v3.4.3 - :x: **github.com/etcd-io/etcd/etcdserver/api/v2discovery-v3.4.3** (Vulnerable Library)
Found in HEAD commit: 04559d9f4a6d57d8fe5845ab7b2e53b2dca0ac76
Found in base branch: master
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery.
Publish Date: 2022-10-07
URL: WS-2022-0327
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-9gp7-6833-wv89
Release Date: 2022-10-07
Fix Resolution: 3.3.23,3.4.10
Step up your Open Source Security Game with Mend here
WS-2022-0327 - High Severity Vulnerability
github.com/etcd-io/etcd/etcdserver/api-v3.4.3
Distributed reliable key-value store for the most critical data of a distributed system
Dependency Hierarchy: - k8s.io/apiextensions-apiserver/pkg/registry/customresource-v0.0.0 (Root Library) - k8s.io/apiserver/pkg/registry/generic-v0.0.0 - k8s.io/apiserver/pkg/storage-v0.0.0 - github.com/etcd-io/etcd-v3.4.3 - github.com/etcd-io/etcd/etcdserver/api/v3rpc-v3.4.3 - :x: **github.com/etcd-io/etcd/etcdserver/api-v3.4.3** (Vulnerable Library)
github.com/etcd-io/etcd-v3.4.3
Distributed reliable key-value store for the most critical data of a distributed system
Dependency Hierarchy: - :x: **github.com/etcd-io/etcd-v3.4.3** (Vulnerable Library)
github.com/etcd-io/etcd/etcdserver/api/v2discovery-v3.4.3
Distributed reliable key-value store for the most critical data of a distributed system
Dependency Hierarchy: - k8s.io/apiextensions-apiserver/pkg/registry/customresource-v0.0.0 (Root Library) - k8s.io/apiserver/pkg/registry/generic-v0.0.0 - k8s.io/apiserver/pkg/storage-v0.0.0 - github.com/etcd-io/etcd-v3.4.3 - :x: **github.com/etcd-io/etcd/etcdserver/api/v2discovery-v3.4.3** (Vulnerable Library)
Found in HEAD commit: 04559d9f4a6d57d8fe5845ab7b2e53b2dca0ac76
Found in base branch: master
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery.
Publish Date: 2022-10-07
URL: WS-2022-0327
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/advisories/GHSA-9gp7-6833-wv89
Release Date: 2022-10-07
Fix Resolution: 3.3.23,3.4.10
Step up your Open Source Security Game with Mend here