MEDIUM 5.5 Go
DNS Rebinding in etcd
GHSA-wf43-55jj-vwq8 · CVE-2018-1099
Published · Modified
Description
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-1099
- WEB https://github.com/coreos/etcd/issues/9353
- WEB https://github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1552717
- WEB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4
- WEB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS
Ready to move
Start Securing
Free, no credit card | First findings in minutes