CVE-2018-1099 – go.etcd.io/etcd

Package

Manager: go
Name: go.etcd.io/etcd
Vulnerable Version: >=0 <3.4.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00081 pctl0.24718

Details

DNS Rebinding in etcd DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).

Metadata

Created: 2022-02-15T01:57:18Z
Modified: 2021-05-19T22:09:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-wf43-55jj-vwq8/GHSA-wf43-55jj-vwq8.json
CWE IDs: ["CWE-20", "CWE-350"]
Alternative ID: GHSA-wf43-55jj-vwq8
Finding: F184
Auto approve: 1