CVE-2018-1099

MEDIUM

etcd < 3.3.1 - DNS Rebinding


Description

A DNS rebinding vulnerability was found in etcd 3.3.1 and earlier. An attacker can set DNS records they control to resolve to localhost, tricking the browser into sending requests to localhost (or any other address).

References (4)

Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1552717
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/coreos/etcd/issues/9353

Scores

CVSS v3 5.5
EPSS 0.0051
EPSS Percentile 39.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (3)
fedoraproject/fedora 30
go.etcd.io/etcd 0 - 3.4.0 (Go)
redhat/etcd < 3.3.1
Published Apr 03, 2018
Tracked Since Feb 18, 2026