DNS Rebinding Vulnerability in etcd by CoreOS
CVE-2018-1099

5.5MEDIUM

Key Information:

Vendor
Red Hat
Status
Etcd
Vendor
CVE Published:
3 April 2018

Summary

A DNS rebinding vulnerability exists in etcd version 3.3.1 and earlier, allowing an attacker to manipulate DNS records. By directing a victim's browser to send requests to localhost or any other designated address, the attacker can potentially expose sensitive information or gain unauthorized access to local services.

Affected Version(s)

etcd 3.3.1 and earlier

References

https://bugzilla.redhat.com/show_bug.cgi?id=1552717
x_refsource_CONFIRM
https://github.com/coreos/etcd/issues/9353
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.