Description
A DNS rebinding vulnerability was found in etcd 3.3.1 and earlier. An attacker can point DNS records they control at localhost and trick the browser into sending requests to localhost (or any other address).
It has been discovered that etcd does not correctly restrict access to resources based on hostname. A remote attacker could perform a DNS-rebinding attack and trick the browser into sending requests to an etcd server on an internal network, bypassing the Same-Origin Policy.
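As an added illustration (not etcd's code and not part of the advisory), the Go sketch below shows the kind of hostname restriction the description says is missing: a wrapper that serves a request only when its Host header exactly matches a name the server is known by. The allowlist contents, the function names and the `rebind.example.test` domain are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// hostAllowed reports whether the request's Host header names this server.
// Under DNS rebinding the browser connects to the internal address but still
// sends the attacker's domain in Host, so an exact-match allowlist rejects it.
func hostAllowed(hostHeader string, allowed map[string]bool) bool {
	host := hostHeader
	if h, _, err := net.SplitHostPort(hostHeader); err == nil {
		host = h // strip ":port"; also unwraps "[::1]:2379"
	}
	host = strings.ToLower(strings.TrimSuffix(strings.Trim(host, "[]"), "."))
	return host != "" && allowed[host]
}

// requireKnownHost wraps a handler and answers 403 for unknown Host values.
func requireKnownHost(allowed map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !hostAllowed(r.Host, allowed) {
			http.Error(w, "host not allowed", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through the wrapper and returns the status code.
func statusFor(hostHeader string) int {
	// Constructed allowlist; a real deployment lists the names its clients use.
	allowed := map[string]bool{"localhost": true, "127.0.0.1": true, "::1": true}
	api := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "ok") })
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Host = hostHeader
	rec := httptest.NewRecorder()
	requireKnownHost(allowed, api).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for _, h := range []string{"localhost:2379", "[::1]:2379", "rebind.example.test:2379"} {
		fmt.Printf("%-28s -> %d\n", h, statusFor(h))
	}
}
```

The check is exact-match on purpose: suffix or substring matching would accept names such as `localhost.rebind.example.test`.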
Mitigation
Configure and enable authentication on the etcd server or secure your client connection via HTTPS.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | etcd | Will not fix | | |
| Red Hat Enterprise Linux 7 | etcd3 | Will not fix | | |
| Red Hat OpenShift Enterprise 3 | atomic-openshift | Affected | | |
| Red Hat Storage 3 | etcd | Affected | | |
Additional information
Status:
5 Medium
CVSS3