WS-2022-0329 (Critical) detected in go.etcd.io/etcd-v0.5.0-alpha.5.0.20181228115726-23731bf9ba55

[mend-bolt-for-github[bot]]

WS-2022-0329 - Critical Severity Vulnerability

Vulnerable Library - go.etcd.io/etcd-v0.5.0-alpha.5.0.20181228115726-23731bf9ba55

Distributed reliable key-value store for the most critical data of a distributed system

Library home page: https://proxy.golang.org/go.etcd.io/etcd/@v/v0.5.0-alpha.5.0.20181228115726-23731bf9ba55.zip

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy: - github.com/hyperledger/fabric-v1.4.0-rc1.0.20210722174351-9815a7a8f0f7 (Root Library) - :x: **go.etcd.io/etcd-v0.5.0-alpha.5.0.20181228115726-23731bf9ba55** (Vulnerable Library)

Found in HEAD commit: 999f5d255a183e22a067e6411929924a0bacd65f

Found in base branch: main

Vulnerability Details

etcd vulnerable to TOCTOU of gateway endpoint authentication

Publish Date: 2022-10-07

URL: WS-2022-0329

CVSS 3 Score Details (9.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-h8g9-6gvh-5mrc

Release Date: 2022-10-07

Fix Resolution: 3.3.23,3.4.10

---

Step up your Open Source Security Game with Mend here