CVE-2018-1099
MEDIUM5.5EPSS 0.07%DNS Rebinding in etcd
發布日:2022/2/15修改日:2026/4/28
也稱為:DEBIAN-CVE-2018-1099
描述
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
受影響套件(2)
- Debian/etcdfrom 0
- Go/go.etcd.io/etcdfrom 0, < 3.4.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1099
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-1099
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1552717
- WEBhttps://github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56
- WEBhttps://github.com/coreos/etcd/issues/9353
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS