Cleartext storage of sensitive information in etcd - #VU130096

 


Published: August 5, 2020 / Updated: May 5, 2026


Vulnerability identifier: #VU130096
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: etcd
Software vendor: CoreOS

Description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to plaintext storage of credentials in write-ahead log (WAL) entries when processing user authentication. A local user can read the insecurely stored WAL files to disclose sensitive information.

User credentials are written to WAL entries on each user authentication.
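
A defender-side check for the exposure described above, as an added example that is not part of the original advisory or etcd's own code: after authenticating once with a throwaway canary account on a test cluster, scan the WAL segment files for the canary password and flag segments readable by group or others. The WAL directory path, the canary value and the sample segment bytes are assumptions constructed for illustration; the sample bytes do not reproduce the real WAL record format.

```python
import os
import stat
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read WAL segments 1 MiB at a time


def contains(path: Path, needle: bytes) -> bool:
    """Stream the file and report whether needle occurs, even across chunk edges."""
    tail = b""
    keep = max(len(needle) - 1, 0)
    with path.open("rb") as fh:
        while chunk := fh.read(CHUNK):
            buf = tail + chunk
            if needle in buf:
                return True
            tail = buf[-keep:] if keep else b""
    return False


def audit_wal_dir(wal_dir: str, canary: bytes) -> list[dict]:
    """Return one finding per *.wal file: loose permission bits and canary exposure."""
    findings = []
    for path in sorted(Path(wal_dir).glob("*.wal")):
        mode = stat.S_IMODE(path.stat().st_mode)
        findings.append({
            "file": path.name,
            "mode": oct(mode),
            "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
            "canary_in_cleartext": contains(path, canary),
        })
    return findings


def demo() -> list[dict]:
    # Constructed sample: two fake WAL segments, one holding the canary password.
    with tempfile.TemporaryDirectory() as d:
        a = Path(d, "0000000000000000-0000000000000000.wal")
        b = Path(d, "0000000000000001-0000000000000010.wal")
        a.write_bytes(b"\x00\x08\x01root\x12canary-Pw-7f3a\x00" * 4)
        b.write_bytes(b"\x00" * 64)
        os.chmod(a, 0o644)
        os.chmod(b, 0o600)
        return audit_wal_dir(d, b"canary-Pw-7f3a")


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Run `audit_wal_dir` against the WAL directory of a test member before and after applying the update; a fixed build should report `canary_in_cleartext` as false for segments written after the upgrade.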


Remediation

Install the security update from the vendor's website.

External links