摘要:
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700).
安全等级: Low
公告ID: KylinSec-SA-2022-1420
发布日期: 2022年7月22日
关联CVE: CVE-2020-15113
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700).
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2020-15113 | KY3.4-4A | etcd | Unaffected |
| CVE-2020-15113 | KY3.4-5 | etcd | Unaffected |
| CVE-2020-15113 | KY3.5.1 | etcd | Unaffected |
