CVE-2018-1099

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Etcd
Vendor: CVE Published:; 3 April 2018

Summary

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).

Affected Version(s)

etcd 3.3.1 and earlier

References

https://bugzilla.redhat.com/show_bug.cgi?id=1552717

x_refsource_CONFIRM

https://github.com/coreos/etcd/issues/9353

x_refsource_CONFIRM

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2018
Vulnerability Reserved
Dec 4, 2017