DNS Rebinding Vulnerability in etcd by CoreOS
CVE-2018-1099
5.5MEDIUM
Summary
A DNS rebinding vulnerability exists in etcd version 3.3.1 and earlier, allowing an attacker to manipulate DNS records. By directing a victim's browser to send requests to localhost or any other designated address, the attacker can potentially expose sensitive information or gain unauthorized access to local services.
Affected Version(s)
etcd 3.3.1 and earlier
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved