PT-2018-10228 · Coreos+3 · Etcd+3

Zelivans

Published

2018-04-03

Updated

2022-02-15

CVE-2018-1099

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions etcd versions 3.3.1 and earlier

Description A DNS rebinding issue allows an attacker to control DNS records, directing them to localhost and tricking the browser into sending requests to localhost or any other address.

Recommendations For etcd versions 3.3.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-350

Related Identifiers

ALT-PU-2020-1882

ALT-PU-2020-2176

CVE-2018-1099

GHSA-WF43-55JJ-VWQ8

Affected Products

Alt Linux

Astra Linux

Debian

Etcd

PT-2018-10228 · Coreos+3 · Etcd+3

CVE-2018-1099

Weakness Enumeration

Related Identifiers

Affected Products

References · 27