Описание
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| etcd | fixed | 3.5.5-1 | experimental | package |
| etcd | fixed | 3.4.23-1 | package | |
| etcd | no-dsa | bullseye | package | |
| etcd | no-dsa | buster | package |
Примечания
https://github.com/coreos/etcd/issues/9353
https://github.com/etcd-io/etcd/pull/9372
https://bugzilla.redhat.com/show_bug.cgi?id=1552717
Связанные уязвимости
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
