GMS-2022-5093: etcd user credentials are stored in WAL logs in plaintext

October 6, 2022

The etcd assumes that the on disk files are secure. The possible fixes have been provided, however, it is the responsibility of the etcd users to make sure that the etcd server WAL log files are secure.

References

github.com/advisories/GHSA-528j-9r78-wffx
github.com/etcd-io/etcd/security/advisories/GHSA-528j-9r78-wffx

Code Behaviors & Features

Detect and mitigate GMS-2022-5093 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →