5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
28.5%
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
CPE | Name | Operator | Version |
---|---|---|---|
go.etcd.io/etcd | lt | 3.4.0 |
bugzilla.redhat.com/show_bug.cgi?id=1552717
github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56
github.com/coreos/etcd/issues/9353
lists.fedoraproject.org/archives/list/[email protected]/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4
lists.fedoraproject.org/archives/list/[email protected]/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS
nvd.nist.gov/vuln/detail/CVE-2018-1099
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
28.5%