DNS Rebinding Vulnerability in etcd by CoreOS
CVE-2018-1099

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Etcd
Vendor: CVE Published:; 3 April 2018

What is CVE-2018-1099?

A DNS rebinding vulnerability exists in etcd version 3.3.1 and earlier, allowing an attacker to manipulate DNS records. By directing a victim's browser to send requests to localhost or any other designated address, the attacker can potentially expose sensitive information or gain unauthorized access to local services.

Affected Version(s)

etcd 3.3.1 and earlier

References

https://bugzilla.redhat.com/show_bug.cgi?id=1552717

x_refsource_CONFIRM

https://github.com/coreos/etcd/issues/9353

x_refsource_CONFIRM

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2018
Vulnerability Reserved
Dec 4, 2017

Red Hat

What is CVE-2018-1099?

Affected Version(s)

References

CVSS V3.1

Timeline