CVE-2018-1099
MEDIUM5.5EPSS 0.07%DNS Rebinding in etcd
Published: 2/15/2022Modified: 4/28/2026
Description
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
Affected packages (2)
- Debian/etcdfrom 0
- Go/go.etcd.io/etcdfrom 0, < 3.4.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1099
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-1099
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1552717
- WEBhttps://github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56
- WEBhttps://github.com/coreos/etcd/issues/9353
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS