Home > Vulnerability Database > WS-2022-0328

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

WS-2022-0328

Date: August 19, 2025

etcd user credentials are stored in WAL logs in plaintext.

Language: Go

Severity Score

7.5

Related Resources (9)

Url: https://github.com/etcd-io/etcd/security/advisories/GHSA-528j-9r78-wffx

Url: https://github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865

Url: https://github.com/etcd-io/etcd/pull/11818

Url: https://github.com/etcd-io/etcd

Url: https://github.com/etcd-io/etcd/commit/585814082b8c8b7db272b30b365b81d27df4a4cb

Url: https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf

Url: https://github.com/etcd-io/etcd/issues/10132

Url: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md#does-etcd-encrypt-data-stored-on-disk-drives

Url: https://www.mend.io/vulnerability-database/WS-2022-0328

Severity Score

7.5

Weakness Type (CWE)

Plaintext Storage of a Password

CWE-256

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Do you need more information?

Contact Us