VDB
DEBIAN-CVE-2020-15113
DEBIAN-CVE-2020-15113
PUBLISHED
CVSS 7.099999904632568 HIGH
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700).
Risk Scores
CVSS v3.1
7.099999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | etcd | 0, 0, 0 |
| Debian:12 | etcd | 0, 0, 0 |
| Debian:14 | etcd | 0, 0, 0 |
| Debian:13 | etcd | 0, 0, 0 |
Timeline
- Aug 5, 2020 CVE Published
- Apr 28, 2026 CVE Updated