Cleartext storage of sensitive information in etcd - #VU130096

 

Cleartext storage of sensitive information in etcd - #VU130096

Published: August 5, 2020 / Updated: May 5, 2026


Vulnerability identifier: #VU130096
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: CoreOS
Affected software:
etcd

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to plaintext storage of credentials in wal log entries when processing user authentication. A local user can read insecurely stored wal log files to disclose sensitive information.

User credentials are written to wal entries on each user authentication.


Remediation

Install security update from vendor's website.

Sources