CVE-2020-15136

Опубликовано: 06 авг. 2020

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5.8

CVSS3: 6.5

Описание

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE
focal	ignored	end of standard support, was needs-triage
groovy	ignored	end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 54%

0.00308

Низкий

5.8 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2020-15136

CVSS3: 6.5

redhat

больше 5 лет назад

CVE-2020-15136

CVSS3: 6.5

nvd

больше 5 лет назад

CVE-2020-15136

CVSS3: 6.5

msrc

около 4 лет назад

Описание отсутствует

CVE-2020-15136

CVSS3: 6.5

debian

больше 5 лет назад

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication ...

GHSA-wr2v-9rpq-c35q

CVSS3: 6.5

github

около 2 лет назад

Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records

EPSS

Процентиль: 54%

0.00308

Низкий

5.8 Medium

CVSS2

6.5 Medium

CVSS3

CVE-2020-15136

Описание

Пакет etcd

Ссылки на источники

Связанные уязвимости