11 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-1098
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and...
Security Bulletin: IBM Storage Protect Server is susceptible to multiple vulnerabilities due to key-value store "etcd". (CVE-2018-1098, CVE-2018-1099, CVE-2022-34038, CVE-2021-2823).
Summary The distributed key-value store, etcd, used by IBM Storage Protect Server is vulnerable to cross-site scripting, denial of service, or unauthorized access to the host system. This bulletin outlines the steps to address these vulnerabilities. Vulnerability Details CVEID:CVE-2018-1098...
Photon OS 4.0: Coredns PHSA-2023-4.0-0420
An update of the coredns package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0420. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 4.0: Calico PHSA-2023-4.0-0427
An update of the calico package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0427. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
RHEL 7 : etcd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - etcd: Cross-site request forgery via crafted local POST forms CVE-2018-1098 - etcd: Information discosure...
Security Bulletin: CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Advanced
Summary CVE-2018-1099, CVE-2018-1098 related to etcd package may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-1099 DESCRIPTION: etcd could allow a remote attacker to gain access to the DNS records, caused by a DNS...
Security fix for the ALT Linux 10 package etcd version 3.4.7-alt1
April 26, 2020 Alexey Shabalin 3.4.7-alt1 - 3.4.7 Fixes: CVE-2018-1098, CVE-2018-1099, CVE-2018-16886...
CVE-2018-1098
A cross-site request forgery flaw has been discovered in etcd. A remote attacker could set up a malicious website that execute POST requests to an etcd server to modify or add a key. Mitigation Configure and enable authentication on the etcd server...
Fedora 29 : etcd (2019-219b0b0b6a)
etcd.service: do not pass command line flags already defined in environment ---- Fix building of etcd ---- Bump to commit f29b1ada19713544b698dab8c94c97cfa1e83dac ---- Bump to commit e1ca3b4434945e57e8e3a451cdbde74a903cc8e1 Security fix for CVE-2018-16886 Security fix for CVE-2018-1098...
CVE-2018-1098
CVE-2018-1098 affects etcd 3.3.1 and earlier, where CSRF allows an attacker to induce the etcd server to perform unauthorized actions by sending crafted POST requests via a malicious site. The description notes that PUT is safer for adding keys, but POST can be used to create in-order keys. The N...
CVE-2018-1098
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe can't PUT from an HTML form or such but POST allows creating...