CVE-2018-1099

Published: 03/04/2018 Updated: 07/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 188
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

A DNS rebinding vulnerability was found in etcd 3.3.1 and previous versions. An attacker who controls the DNS records for a domain can point them at localhost (or any other address) and trick the victim's browser into sending requests to that address.

Vulnerable Product

redhat etcd

fedoraproject fedora 30

Vendor Advisories

Debian Bug report logs - #921156 etcd: CVE-2018-1098 CVE-2018-1099 Package: src:etcd; Maintainer for src:etcd is Debian Go Packaging Team <team+pkg-go@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 2 Feb 2019 12:51:06 UTC; Severity: important; Tags: fixed-upstream, security, upst ...

It has been discovered that etcd does not correctly restrict access to resources based on hostname. A remote attacker could perform a DNS-rebinding attack and trick the browser into sending requests to an etcd server on an internal network, bypassing the Same-Origin Policy ...