CVE-2018-1099
published 2018-04-03CVE-2018-1099: DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending…
medium5.5CVSS 3.0
AVLACLPRLUINSUCNIHAN
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | etcd | < etcd 3.4.23-1 (bookworm) | etcd 3.4.23-1 (bookworm) |
| etcd | etcd | >= 0 < 3.4.23-1 | 3.4.23-1 |
| etcd | etcd | >= 0 < 3.4.23-1 | 3.4.23-1 |
| etcd | etcd | >= 0 < 3.4.23-1 | 3.4.23-1 |
| fedoraproject | fedora | — | — |
| go.etcd.io | etcd | >= 0 < 3.4.0 | 3.4.0 |
| red_hat_inc | etcd | — | — |
| redhat | etcd | <= 3.3.1 | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
osv5.5MEDIUM