5 matches found
CVE-2020-15114
CVE-2020-15114 affects etcd prior to 3.3.23 and 3.4.10, where the etcd gateway (a TCP proxy) can be configured to point at itself as an endpoint. This creates a loop that exhausts file descriptors and causes a Denial of Service. Public advisories (GHSA-2XHQ-GV6C-P224) and package trackers describ...
CVE-2018-1099
CVE-2018-1099 is a DNS rebinding vulnerability in etcd (versions up to 3.3.1). The issue allows an attacker to manipulate DNS records to rebind DNS entries, enabling unintended access to DNS records. Connected documents corroborate the same CVE with details and reference IBM/astral bulletin cover...
CVE-2020-15136
CVE-2020-15136 affects etcd gateway behavior: TLS authentication is applied only to endpoints discovered via DNS SRV for a domain, with no authentication for endpoints provided via the --endpoints flag. Root cause is limited endpoint validation in the gateway’s discoverEndpoints flow. Impact: pot...
CVE-2020-15115
CVE-2020-15115 is an etcd password-management vulnerability affecting versions prior to 3.3.23 and 3.4.10, where there is no password length validation. The description indicates an attacker could brute-force or guess short passwords (potentially length 1) with little computational effort. The co...
CVE-2018-1098
CVE-2018-1098 affects etcd 3.3.1 and earlier, where CSRF allows an attacker to induce the etcd server to perform unauthorized actions by sending crafted POST requests via a malicious site. The description notes that PUT is safer for adding keys, but POST can be used to create in-order keys. The N...