PT-2020-14195 · Coreos+3 · Etcd+3
Spzala · Published 2020-08-05 · Updated 2024-03-06
CVE-2020-15113
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
etcd versions 3.3.23 and earlier
etcd versions 3.4.10 and earlier
Description
etcd creates certain directory paths with restricted access permissions by calling the os.MkdirAll function, which does not perform permission checks when a given directory path already exists. A directory that is already present therefore keeps whatever permissions it had. This affects the etcd data directory and the directory path used for automatically generating self-signed certificates for TLS connections with clients.
Recommendations
For etcd versions 3.3.23 and earlier, ensure the directories have the desired permission (700) as a workaround.
For etcd versions 3.4.10 and earlier, ensure the directories have the desired permission (700) as a workaround.
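The behaviour described above and the 700 check from the workaround, as an added Go example (not etcd's own code or its fix). The helper names `mkdirAllMode` and `ensurePrivateDir` are hypothetical, the sample path is constructed, and returning an error on a mode mismatch is one possible policy chosen for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// privateDirMode is the permission the advisory recommends (700).
const privateDirMode os.FileMode = 0700

// mkdirAllMode shows the pattern from the description: os.MkdirAll returns nil
// for a directory that already exists and leaves its mode untouched.
func mkdirAllMode(dir string) (os.FileMode, error) {
	if err := os.MkdirAll(dir, privateDirMode); err != nil {
		return 0, err
	}
	fi, err := os.Stat(dir)
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm(), nil
}

// ensurePrivateDir (hypothetical helper) creates dir if needed, then refuses
// to continue unless the resulting directory has exactly mode 0700.
func ensurePrivateDir(dir string) error {
	if err := os.MkdirAll(dir, privateDirMode); err != nil {
		return err
	}
	fi, err := os.Stat(dir)
	if err != nil {
		return err
	}
	if perm := fi.Mode().Perm(); perm != privateDirMode {
		return fmt.Errorf("%s has mode %04o, want %04o", dir, perm, privateDirMode)
	}
	return nil
}

func main() {
	base, _ := os.MkdirTemp("", "mkdirall-demo")
	defer os.RemoveAll(base)
	dir := filepath.Join(base, "data") // constructed sample path
	os.Mkdir(dir, 0755)                // the directory already exists...
	os.Chmod(dir, 0755)                // ...with a group/world-readable mode
	mode, _ := mkdirAllMode(dir)
	fmt.Printf("after MkdirAll: %04o; check: %v\n", mode, ensurePrivateDir(dir))
}
```
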
Fix
Improper Preservation of Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Ubuntu
Etcd