Red Hat Inc Etcd vulnerabilities
2 known vulnerabilities affecting red_hat_inc/etcd.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2018-1098HIGHCVSS 8.8v3.3.1 and earlier2018-04-03
CVE-2018-1098 [HIGH] CWE-352 CVE-2018-1098: A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a webs
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.
cvelistv5nvd
CVE-2018-1099MEDIUMCVSS 5.5v3.3.1 and earlier2018-04-03
CVE-2018-1099 [MEDIUM] CWE-20 CVE-2018-1099: DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
cvelistv5nvd