Cross-Site Request Forgery Flaw in etcd Server by CoreOS
CVE-2018-1098
8.8 HIGH
Summary
A cross-site request forgery vulnerability exists in etcd server versions 3.3.1 and earlier. An attacker can craft a malicious web form that sends POST requests to the etcd server, leading to unauthorized modification of keys within etcd. Keys are normally added with PUT, which is considered safer, but the server also accepts POST requests that create in-order keys, so a forged POST can still compromise the integrity of the etcd data.
Affected Version(s)
etcd 3.3.1 and earlier
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged