{"id":"CVE-2023-32082","summary":"etcd key name can be accessed via LeaseTimeToLive API","details":"etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds.","aliases":["BIT-etcd-2023-32082","GHSA-3p4g-rcw5-8298"],"modified":"2026-04-02T09:00:37.642949Z","published":"2023-05-11T19:22:56.442Z","related":["CGA-36vx-6qh6-4pw6"],"database_specific":{"cwe_ids":["CWE-200"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/32xxx/CVE-2023-32082.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.4.md"},{"type":"WEB","url":"https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/32xxx/CVE-2023-32082.json"},{"type":"ADVISORY","url":"https://github.com/etcd-io/etcd/security/advisories/GHSA-3p4g-rcw5-8298"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32082"},{"type":"FIX","url":"https://github.com/etcd-io/etcd/pull/15656"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/etcd-io/etcd","events":[{"introduced":"0"},{"fixed":"a603c0798948941d453b158af794edab1a8230be"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.4.26"}]}},{"type":"GIT","repo":"https://github.com/etcd-io/etcd","events":[{"introduced":"946a5a6f25c3b6b89408ab447852731bde6e6289"},{"fixed":"bdbbde998b7ed434b23676530d10dbd601c4a7c0"}],"database_specific":{"versions":[{"introduced":"3.5.0"},{"fixed":"3.5.9"}]}}],"versions":["0","api/v3.5.0","api/v3.5.0-alpha.0","api/v3.5.0-beta.2","api/v3.5.0-beta.3","api/v3.5.0-beta.4","api/v3.5.0-rc.0","api/v3.5.0-rc.1","api/v3.5.1","api/v3.5.10","api/v3.5.11","api/v3.5.12","api/v3.5.13","api/v3.5.14","api/v3.5.15","api/v3.5.16","api/v3.5.17","api/v3.5.18","api/v3.5.19","api/v3.5.2","api/v3.5.20","api/v3.5.21","api/v3.5.22","api/v3.5.23","api/v3.5.24","api/v3.5.25","api/v3.5.26","api/v3.5.27","api/v3.5.28","api/v3.5.29","api/v3.5.3","api/v3.5.4","api/v3.5.5","api/v3.5.6","api/v3.5.7","api/v3.5.8","api/v3.5.9","api/v3.6.0","api/v3.6.0-alpha.0","api/v3.6.0-rc.0","api/v3.6.0-rc.1","api/v3.6.0-rc.2","api/v3.6.0-rc.3","api/v3.6.0-rc.4","api/v3.6.0-rc.5","api/v3.6.1","api/v3.6.10","api/v3.6.2","api/v3.6.3","api/v3.6.4","api/v3.6.5","api/v3.6.6","api/v3.6.7","api/v3.6.8","api/v3.6.9","client/pkg/v3.5.0","client/pkg/v3.5.0-beta.2","client/pkg/v3.5.0-beta.3","client/pkg/v3.5.0-beta.4","client/pkg/v3.5.0-rc.0","client/pkg/v3.5.0-rc.1","client/pkg/v3.5.1","client/pkg/v3.5.10","client/pkg/v3.5.11","client/pkg/v3.5.12","client/pkg/v3.5.13","client/pkg/v3.5.14","client/pkg/v3.5.15","client/pkg/v3.5.16","client/pkg/v3.5.17","client/pkg/v3.5.18","client/pkg/v3.5.19","client/pkg/v3.5.2","client/pkg/v3.5.20","client/pkg/v3.5.21","client/pkg/v3.5.22","client/pkg/v3.5.23","client/pkg/v3.5.24","client/pkg/v3.5.25","client/pkg/v3.5.26","client/pkg/v3.5.27","client/pkg/v3.5.28","client/pkg/v3.5.29","client/pkg/v3.5.3","client/pkg/v3.5.4","client/pkg/v3.5.5","client/pkg/v3.5.6","client/pkg/v3.5.7","client/pkg/v3.5.8","client/pkg/v3.5.9","client/pkg/v3.6.0","client/pkg/v3.6.0-alpha.0","client/pkg/v3.6.0-rc.0","client/pkg/v3.6.0-rc.1","client/pkg/v3.6.0-rc.2","client/pkg/v3.6.0-rc.3","client/pkg/v3.6.0-rc.4","client/pkg/v3.6.0-rc.5","client/pkg/v3.6.1","client/pkg/v3.6.10","client/pkg/v3.6.2","client/pkg/v3.6.3","client/pkg/v3.6.4","client/pkg/v3.6.5","client/pkg/v3.6.6","client/pkg/v3.6.7","client/pkg/v3.6.8","client/pkg/v3.6.9","client/v2.305.0","client/v2.305.0-alpha.0","client/v2.305.0-beta.2","client/v2.305.0-beta.3","client/v2.305.0-beta.4","client/v2.305.0-rc.0","client/v2.305.0-rc.1","client/v2.305.1","client/v2.305.10","client/v2.305.11","client/v2.305.12","client/v2.305.13","client/v2.305.14","client/v2.305.15","client/v2.305.16","client/v2.305.17","client/v2.305.18","client/v2.305.19","client/v2.305.2","client/v2.305.20","client/v2.305.21","client/v2.305.22","client/v2.305.23","client/v2.305.24","client/v2.305.25","client/v2.305.26","client/v2.305.27","client/v2.305.28","client/v2.305.29","client/v2.305.3","client/v2.305.4","client/v2.305.5","client/v2.305.6","client/v2.305.7","client/v2.305.8","client/v2.305.9","client/v2.306.0-alpha.0","client/v2.306.0-rc.0","client/v2.306.0-rc.1","client/v2.306.0-rc.2","client/v3.5.0","client/v3.5.0-alpha.0","client/v3.5.0-beta.2","client/v3.5.0-beta.3","client/v3.5.0-beta.4","client/v3.5.0-rc.0","client/v3.5.0-rc.1","client/v3.5.1","client/v3.5.10","client/v3.5.11","client/v3.5.12","client/v3.5.13","client/v3.5.14","client/v3.5.15","client/v3.5.16","client/v3.5.17","client/v3.5.18","client/v3.5.19","client/v3.5.2","client/v3.5.20","client/v3.5.21","client/v3.5.22","client/v3.5.23","client/v3.5.24","client/v3.5.25","client/v3.5.26","client/v3.5.27","client/v3.5.28","client/v3.5.29","client/v3.5.3","client/v3.5.4","client/v3.5.5","client/v3.5.6","client/v3.5.7","client/v3.5.8","client/v3.5.9","client/v3.6.0","client/v3.6.0-alpha.0","client/v3.6.0-rc.0","client/v3.6.0-rc.1","client/v3.6.0-rc.2","client/v3.6.0-rc.3","client/v3.6.0-rc.4","client/v3.6.0-rc.5","client/v3.6.1","client/v3.6.10","client/v3.6.2","client/v3.6.3","client/v3.6.4","client/v3.6.5","client/v3.6.6","client/v3.6.7","client/v3.6.8","client/v3.6.9","etcdctl/v3.5.0","etcdctl/v3.5.0-alpha.0","etcdctl/v3.5.0-beta.2","etcdctl/v3.5.0-beta.3","etcdctl/v3.5.0-beta.4","etcdctl/v3.5.0-rc.0","etcdctl/v3.5.0-rc.1","etcdctl/v3.5.1","etcdctl/v3.5.10","etcdctl/v3.5.11","etcdctl/v3.5.12","etcdctl/v3.5.13","etcdctl/v3.5.14","etcdctl/v3.5.15","etcdctl/v3.5.16","etcdctl/v3.5.17","etcdctl/v3.5.18","etcdctl/v3.5.19","etcdctl/v3.5.2","etcdctl/v3.5.20","etcdctl/v3.5.21","etcdctl/v3.5.22","etcdctl/v3.5.23","etcdctl/v3.5.24","etcdctl/v3.5.25","etcdctl/v3.5.26","etcdctl/v3.5.27","etcdctl/v3.5.28","etcdctl/v3.5.29","etcdctl/v3.5.3","etcdctl/v3.5.4","etcdctl/v3.5.5","etcdctl/v3.5.6","etcdctl/v3.5.7","etcdctl/v3.5.8","etcdctl/v3.5.9","etcdctl/v3.6.0","etcdctl/v3.6.0-alpha.0","etcdctl/v3.6.0-rc.0","etcdctl/v3.6.0-rc.1","etcdctl/v3.6.0-rc.2","etcdctl/v3.6.0-rc.3","etcdctl/v3.6.0-rc.4","etcdctl/v3.6.0-rc.5","etcdctl/v3.6.1","etcdctl/v3.6.10","etcdctl/v3.6.2","etcdctl/v3.6.3","etcdctl/v3.6.4","etcdctl/v3.6.5","etcdctl/v3.6.6","etcdctl/v3.6.7","etcdctl/v3.6.8","etcdctl/v3.6.9","etcdutl/v3.5.0","etcdutl/v3.5.0-beta.2","etcdutl/v3.5.0-beta.3","etcdutl/v3.5.0-beta.4","etcdutl/v3.5.0-rc.0","etcdutl/v3.5.0-rc.1","etcdutl/v3.5.1","etcdutl/v3.5.10","etcdutl/v3.5.11","etcdutl/v3.5.12","etcdutl/v3.5.13","etcdutl/v3.5.14","etcdutl/v3.5.15","etcdutl/v3.5.16","etcdutl/v3.5.17","etcdutl/v3.5.18","etcdutl/v3.5.19","etcdutl/v3.5.2","etcdutl/v3.5.20","etcdutl/v3.5.21","etcdutl/v3.5.22","etcdutl/v3.5.23","etcdutl/v3.5.24","etcdutl/v3.5.25","etcdutl/v3.5.26","etcdutl/v3.5.27","etcdutl/v3.5.28","etcdutl/v3.5.29","etcdutl/v3.5.3","etcdutl/v3.5.4","etcdutl/v3.5.5","etcdutl/v3.5.6","etcdutl/v3.5.7","etcdutl/v3.5.8","etcdutl/v3.5.9","etcdutl/v3.6.0","etcdutl/v3.6.0-alpha.0","etcdutl/v3.6.0-rc.0","etcdutl/v3.6.0-rc.1","etcdutl/v3.6.0-rc.2","etcdutl/v3.6.0-rc.3","etcdutl/v3.6.0-rc.4","etcdutl/v3.6.0-rc.5","etcdutl/v3.6.1","etcdutl/v3.6.10","etcdutl/v3.6.2","etcdutl/v3.6.3","etcdutl/v3.6.4","etcdutl/v3.6.5","etcdutl/v3.6.6","etcdutl/v3.6.7","etcdutl/v3.6.8","etcdutl/v3.6.9","pkg/v3.5.0","pkg/v3.5.0-alpha.0","pkg/v3.5.0-beta.2","pkg/v3.5.0-beta.3","pkg/v3.5.0-beta.4","pkg/v3.5.0-rc.0","pkg/v3.5.0-rc.1","pkg/v3.5.1","pkg/v3.5.10","pkg/v3.5.11","pkg/v3.5.12","pkg/v3.5.13","pkg/v3.5.14","pkg/v3.5.15","pkg/v3.5.16","pkg/v3.5.17","pkg/v3.5.18","pkg/v3.5.19","pkg/v3.5.2","pkg/v3.5.20","pkg/v3.5.21","pkg/v3.5.22","pkg/v3.5.23","pkg/v3.5.24","pkg/v3.5.25","pkg/v3.5.26","pkg/v3.5.27","pkg/v3.5.28","pkg/v3.5.29","pkg/v3.5.3","pkg/v3.5.4","pkg/v3.5.5","pkg/v3.5.6","pkg/v3.5.7","pkg/v3.5.8","pkg/v3.5.9","pkg/v3.6.0","pkg/v3.6.0-alpha.0","pkg/v3.6.0-rc.0","pkg/v3.6.0-rc.1","pkg/v3.6.0-rc.2","pkg/v3.6.0-rc.3","pkg/v3.6.0-rc.4","pkg/v3.6.0-rc.5","pkg/v3.6.1","pkg/v3.6.10","pkg/v3.6.2","pkg/v3.6.3","pkg/v3.6.4","pkg/v3.6.5","pkg/v3.6.6","pkg/v3.6.7","pkg/v3.6.8","pkg/v3.6.9","raft/v3.5.0","raft/v3.5.0-alpha.0","raft/v3.5.0-beta.2","raft/v3.5.0-beta.3","raft/v3.5.0-beta.4","raft/v3.5.0-rc.0","raft/v3.5.0-rc.1","raft/v3.5.1","raft/v3.5.10","raft/v3.5.11","raft/v3.5.12","raft/v3.5.13","raft/v3.5.14","raft/v3.5.15","raft/v3.5.16","raft/v3.5.17","raft/v3.5.18","raft/v3.5.19","raft/v3.5.2","raft/v3.5.20","raft/v3.5.21","raft/v3.5.22","raft/v3.5.23","raft/v3.5.24","raft/v3.5.25","raft/v3.5.26","raft/v3.5.27","raft/v3.5.28","raft/v3.5.29","raft/v3.5.3","raft/v3.5.4","raft/v3.5.5","raft/v3.5.6","raft/v3.5.7","raft/v3.5.8","raft/v3.5.9","raft/v3.6.0-alpha.0","server/v3.5.0","server/v3.5.0-alpha.0","server/v3.5.0-beta.2","server/v3.5.0-beta.3","server/v3.5.0-beta.4","server/v3.5.0-rc.0","server/v3.5.0-rc.1","server/v3.5.1","server/v3.5.10","server/v3.5.11","server/v3.5.12","server/v3.5.13","server/v3.5.14","server/v3.5.15","server/v3.5.16","server/v3.5.17","server/v3.5.18","server/v3.5.19","server/v3.5.2","server/v3.5.20","server/v3.5.21","server/v3.5.22","server/v3.5.23","server/v3.5.24","server/v3.5.25","server/v3.5.26","server/v3.5.27","server/v3.5.28","server/v3.5.29","server/v3.5.3","server/v3.5.4","server/v3.5.5","server/v3.5.6","server/v3.5.7","server/v3.5.8","server/v3.5.9","server/v3.6.0","server/v3.6.0-alpha.0","server/v3.6.0-rc.0","server/v3.6.0-rc.1","server/v3.6.0-rc.2","server/v3.6.0-rc.3","server/v3.6.0-rc.4","server/v3.6.0-rc.5","server/v3.6.1","server/v3.6.10","server/v3.6.2","server/v3.6.3","server/v3.6.4","server/v3.6.5","server/v3.6.6","server/v3.6.7","server/v3.6.8","server/v3.6.9","tests/v3.5.0","tests/v3.5.0-alpha.0","tests/v3.5.0-beta.2","tests/v3.5.0-beta.3","tests/v3.5.0-beta.4","tests/v3.5.0-rc.0","tests/v3.5.0-rc.1","tests/v3.5.1","tests/v3.5.10","tests/v3.5.11","tests/v3.5.12","tests/v3.5.13","tests/v3.5.14","tests/v3.5.15","tests/v3.5.16","tests/v3.5.17","tests/v3.5.18","tests/v3.5.19","tests/v3.5.2","tests/v3.5.20","tests/v3.5.21","tests/v3.5.22","tests/v3.5.23","tests/v3.5.24","tests/v3.5.25","tests/v3.5.26","tests/v3.5.27","tests/v3.5.28","tests/v3.5.29","tests/v3.5.3","tests/v3.5.4","tests/v3.5.5","tests/v3.5.6","tests/v3.5.7","tests/v3.5.8","tests/v3.5.9","tests/v3.6.0","tests/v3.6.0-alpha.0","tests/v3.6.0-rc.0","tests/v3.6.0-rc.1","tests/v3.6.0-rc.2","tests/v3.6.0-rc.3","tests/v3.6.0-rc.4","tests/v3.6.0-rc.5","tests/v3.6.1","tests/v3.6.10","tests/v3.6.2","tests/v3.6.3","tests/v3.6.4","tests/v3.6.5","tests/v3.6.6","tests/v3.6.7","tests/v3.6.8","tests/v3.6.9","v0.1.0","v0.1.1","v0.1.2","v0.2.0","v0.2.0-rc0","v0.2.0-rc1","v0.2.0-rc2","v0.2.0-rc3","v0.2.0-rc4","v0.3.0","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.4.5","v0.4.6","v0.4.7","v0.4.8","v0.4.9","v0.5.0-alpha.0","v0.5.0-alpha.1","v0.5.0-alpha.2","v0.5.0-alpha.3","v0.5.0-alpha.4","v0.5.0-alpha.5","v2.0.0","v2.0.0-rc.1","v2.0.1","v2.0.10","v2.0.11","v2.0.12","v2.0.13","v2.0.2","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8","v2.0.9","v2.1.0","v2.1.0-alpha.0","v2.1.0-alpha.1","v2.1.0-rc.0","v2.1.1","v2.1.2","v2.1.3","v2.2.0","v2.2.0-alpha.0","v2.2.0-alpha.1","v2.2.0-rc.0","v2.2.1","v2.2.2","v2.2.3","v2.2.4","v2.2.5","v2.3.0","v2.3.0-alpha.0","v2.3.0-alpha.1","v2.3.1","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7","v2.3.8","v3.0.0","v3.0.0-beta.0","v3.0.1","v3.0.10","v3.0.11","v3.0.12","v3.0.13","v3.0.14","v3.0.15","v3.0.16","v3.0.17","v3.0.2","v3.0.3","v3.0.4","v3.0.5","v3.0.6","v3.0.7","v3.0.8","v3.0.9","v3.1.0","v3.1.0-alpha.0","v3.1.0-alpha.1","v3.1.0-rc.0","v3.1.0-rc.1","v3.1.1","v3.1.10","v3.1.11","v3.1.12","v3.1.13","v3.1.14","v3.1.15","v3.1.16","v3.1.17","v3.1.18","v3.1.19","v3.1.2","v3.1.20","v3.1.3","v3.1.4","v3.1.5","v3.1.6","v3.1.7","v3.1.8","v3.1.9","v3.2.0","v3.2.0+git","v3.2.0-rc.0","v3.2.0-rc.1","v3.2.0_plus_git","v3.2.1","v3.2.10","v3.2.10_plus_git","v3.2.11","v3.2.12","v3.2.13","v3.2.14","v3.2.15","v3.2.16","v3.2.17","v3.2.18","v3.2.19","v3.2.2","v3.2.20","v3.2.21","v3.2.22","v3.2.23","v3.2.24","v3.2.25","v3.2.26","v3.2.27","v3.2.28","v3.2.29","v3.2.3","v3.2.30","v3.2.31","v3.2.32","v3.2.4","v3.2.5","v3.2.6","v3.2.7","v3.2.8","v3.2.9","v3.3.0","v3.3.0-rc.0","v3.3.0-rc.1","v3.3.0-rc.2","v3.3.0-rc.3","v3.3.0-rc.4","v3.3.1","v3.3.10","v3.3.11","v3.3.12","v3.3.13","v3.3.14","v3.3.14-beta.0","v3.3.14-rc.0","v3.3.15","v3.3.16","v3.3.17","v3.3.18","v3.3.19","v3.3.2","v3.3.20","v3.3.21","v3.3.22","v3.3.23","v3.3.24","v3.3.25","v3.3.26","v3.3.27","v3.3.3","v3.3.4","v3.3.5","v3.3.6","v3.3.7","v3.3.8","v3.3.9","v3.3.9_plus_git","v3.4.0","v3.4.0-rc.0","v3.4.0-rc.1","v3.4.0-rc.2","v3.4.0-rc.3","v3.4.0-rc.4","v3.4.1","v3.4.10","v3.4.11","v3.4.12","v3.4.13","v3.4.14","v3.4.15","v3.4.16","v3.4.17","v3.4.18","v3.4.19","v3.4.2","v3.4.20","v3.4.21","v3.4.22","v3.4.23","v3.4.24","v3.4.25","v3.4.3","v3.4.4","v3.4.5","v3.4.6","v3.4.7","v3.4.8","v3.4.9","v3.5.0","v3.5.0-alpha.0","v3.5.0-beta.0","v3.5.0-beta.1","v3.5.0-beta.2","v3.5.0-beta.3","v3.5.0-beta.4","v3.5.0-rc.0","v3.5.0-rc.1","v3.5.1","v3.5.10","v3.5.11","v3.5.12","v3.5.13","v3.5.14","v3.5.15","v3.5.16","v3.5.17","v3.5.18","v3.5.19","v3.5.2","v3.5.20","v3.5.21","v3.5.22","v3.5.23","v3.5.24","v3.5.25","v3.5.26","v3.5.27","v3.5.28","v3.5.29","v3.5.3","v3.5.4","v3.5.5","v3.5.6","v3.5.7","v3.5.8","v3.5.9","v3.6.0","v3.6.0-alpha.0","v3.6.0-rc.0","v3.6.0-rc.1","v3.6.0-rc.2","v3.6.0-rc.3","v3.6.0-rc.4","v3.6.0-rc.5","v3.6.1","v3.6.10","v3.6.2","v3.6.3","v3.6.4","v3.6.5","v3.6.6","v3.6.7","v3.6.8","v3.6.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32082.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}