5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
28.5%
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
CPE | Name | Operator | Version |
---|---|---|---|
go.etcd.io/etcd | lt | 3.4.0 |
bugzilla.redhat.com/show_bug.cgi?id=1552717
github.com/advisories/GHSA-wf43-55jj-vwq8
github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56
github.com/coreos/etcd/issues/9353
lists.fedoraproject.org/archives/list/[email protected]/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/
lists.fedoraproject.org/archives/list/[email protected]/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/
nvd.nist.gov/vuln/detail/CVE-2018-1099
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
28.5%