Cross-site Request Forgery (CSRF)

github.com/coreos/etcd is vulnerable to cross-site request forgery CSRF attacks. The vulnerability exists as there are no host whitelists in place to prevent unauthorized websites from sending unauthorized POST requests to the etcd server...

DNS Rebinding

github.com/coreos/etcd is vulnerable to DNS rebinding. The vulnerability exists because it does not prevent the attacker to use its DNS records to direct to localhost, and trick the browser into sending requests to localhost or any other address...