Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2018-1098

Published: 03/04/2018 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Redhat

Vulnerability Summary

A cross-site request forgery flaw was found in etcd 3.3.1 and previous versions. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat etcd

fedoraproject fedora 30

Vendor Advisories

Debian CVElist Bug Report Logs: etcd: CVE-2018-1098 CVE-2018-1099
Debian Bug report logs - #921156 etcd: CVE-2018-1098 CVE-2018-1099 Package: src:etcd; Maintainer for src:etcd is Debian Go Packaging Team <team+pkg-go@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 2 Feb 2019 12:51:06 UTC Severity: important Tags: fixed-upstream, security, upst ...
Red Hat: CVE-2018-1098
A cross-site request forgery flaw has been discovered in etcd A remote attacker could set up a malicious website that execute POST requests to an etcd server to modify or add a key ...

References

CWE-352https://github.com/coreos/etcd/issues/9353https://bugzilla.redhat.com/show_bug.cgi?id=1552714https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921156https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2018-1098
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook