redhat/etcd: The latest CVE Vulnerabilities and Exploits for Penetration Test

 

redhat/etcd Vulnerability Summary

  • Vendor name: redhat
  • Product name: etcd
  • Total vulnerabilities: 6 (as of 2023-05-04)

redhat/etcd Vulnerability List

CVE-2020-15114: In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for…

Published: 2020-08-06T23:15:00 Last Modified: 2021-11-18T18:31:00

Summary

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.

Common Weakness Enumeration (CWE): CWE-772: Missing Release of Resource after Effective Lifetime

CWE Description: The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-15114 vulnerability.

CVE-2020-15136: In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to…

Published: 2020-08-06T23:15:00 Last Modified: 2021-11-18T18:31:00

Summary

In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.

Common Weakness Enumeration (CWE): CWE-306: Missing Authentication for Critical Function

CWE Description: The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-15136 vulnerability.

CVE-2020-15115: etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which…

Published: 2020-08-06T22:15:00 Last Modified: 2021-01-04T03:15:00

Summary

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users’ passwords with little computational effort.

Common Weakness Enumeration (CWE): CWE-521: Weak Password Requirements

CWE Description: The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-15115 vulnerability.

CVE-2018-16886: etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper…

Published: 2019-01-14T19:29:00 Last Modified: 2019-10-24T12:24:00

Summary

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16886 vulnerability.

CVE-2018-1098: A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a…

Published: 2018-04-03T16:29:00 Last Modified: 2019-05-06T06:29:00

Summary

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can’t PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.

Common Weakness Enumeration (CWE): CWE-352: Cross-Site Request Forgery (CSRF)

CWE Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1098 vulnerability.

CVE-2018-1099: DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS…

Published: 2018-04-03T16:29:00 Last Modified: 2019-05-06T06:29:00

Summary

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2018-1099 vulnerability.
