GHSA-h8g9-6gvh-5mrc – go.etcd.io/etcd/v3

Package

Manager: go
Name: go.etcd.io/etcd/v3
Vulnerable Version: >=3.4.0 <3.4.10 || >=0 <3.3.23

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:R

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

etcd vulnerable to TOCTOU of gateway endpoint authentication ### Vulnerability type Authentication ### Workarounds Refer to the [gateway documentation](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md). The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. ### Detail The gateway only authenticates endpoints detected from DNS SRV records, and it only authenticates the detected endpoints once. Therefore, if an endpoint changes its authentication settings, the gateway will continue to assume the endpoint is still authenticated. The auditors has noted that appropriate documentation of this validation functionality plus deprecation of this misleading functionality is an acceptable path forward. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)

Metadata

Created: 2022-10-06T23:12:38Z
Modified: 2022-10-06T23:12:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-h8g9-6gvh-5mrc/GHSA-h8g9-6gvh-5mrc.json
CWE IDs: ["CWE-367"]
Alternative ID: N/A
Finding: F124
Auto approve: 1