| Vulnerability Name: | CVE-2020-15136 (CCN-186412) |
| Assigned: | 2020-08-05 |
| Published: | 2020-08-05 |
| Updated: | 2021-11-18 |
| Summary: | In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints discovered through DNS SRV records. When a gateway starts, TLS authentication is attempted only against the endpoints found in the DNS SRV records for the given domain, which happens in the discoverEndpoints function; no authentication is performed against endpoints supplied through the --endpoints flag, so on affected versions those backends are forwarded to unverified regardless of any TLS settings given to the gateway. This has been fixed in versions 3.4.10 and 3.3.23 by improving the documentation and deprecating the functionality rather than by extending the check to --endpoints, so operators should upgrade and not rely on gateway-side TLS authentication for statically configured endpoints. |
| CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N) |
| | 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C) |
| | 7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N) |
| Vulnerability Type: | CWE-306 (Missing Authentication for Critical Function) |
| Vulnerability Consequences: | Bypass Security |
| References: | Source: MITRE, Type: CNA: CVE-2020-15136 |
| | Source: XF, Type: UNKNOWN: etcd-cve202015136-sec-bypass(186412) |
| | Source: MISC, Type: Broken Link: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md |
| | Source: CCN, Type: etcd GIT Repository: Gateway TLS authentication only applies to endpoints detected in DNS SRV records |
| | Source: CONFIRM, Type: Third Party Advisory: https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q |
| | Source: FEDORA, Type: Mailing List, Third Party Advisory: FEDORA-2020-cd43b84c16 |
| Vulnerable Configuration: | Configuration 1: | Configuration 2: | (the configuration entries were not captured on this page; per the summary, etcd before 3.4.10 and before 3.3.23 are affected) |
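The two endpoint paths the summary describes, modelled as an added Go example. This is not etcd's code and not the upstream patch (which deprecated the feature and documented the gap rather than adding a check): `vulnerableFilter` reproduces the affected behaviour, in which only SRV-discovered endpoints go through TLS authentication, and `hardenedFilter` shows the check an operator who configured a CA on the gateway would expect, applied to every endpoint regardless of source. The types `Endpoint`, `Source` and `authFunc`, the helpers `allowlistAuth` and `tlsAuth`, the sample addresses, and the reference to `--trusted-ca-file` as the gateway's CA flag are all this example's own assumptions.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
)

// An etcd gateway learns its backends from DNS SRV discovery or --endpoints.
type Source int

const (
	FromSRV Source = iota
	FromFlag
)

type Endpoint struct {
	Addr   string
	Source Source
}

// authFunc means "open a TLS connection to addr and verify the peer cert"; it is injected so the model runs offline.
type authFunc func(addr string) error

// vulnerableFilter models the pre-3.4.10 / pre-3.3.23 behaviour the advisory
// describes (an illustrative model, not etcd's discoverEndpoints code): TLS
// auth runs only for SRV-discovered endpoints; --endpoints entries pass unchecked.
func vulnerableFilter(eps []Endpoint, auth authFunc) (kept, unverified []string) {
	for _, ep := range eps {
		if ep.Source == FromSRV && auth(ep.Addr) != nil {
			continue // SRV endpoint failed TLS auth: dropped
		}
		kept = append(kept, ep.Addr)
		if ep.Source == FromFlag {
			unverified = append(unverified, ep.Addr) // never authenticated
		}
	}
	return kept, unverified
}

// hardenedFilter applies the same check to every endpoint regardless of
// source, which is what an operator who set --trusted-ca-file on the gateway
// expects. Upstream instead deprecated the feature; this is not its patch.
func hardenedFilter(eps []Endpoint, auth authFunc) (kept, rejected []string) {
	for _, ep := range eps {
		if auth(ep.Addr) != nil {
			rejected = append(rejected, ep.Addr)
			continue
		}
		kept = append(kept, ep.Addr)
	}
	return kept, rejected
}

// allowlistAuth is an offline stand-in for tlsAuth: it trusts only listed addresses.
func allowlistAuth(trusted ...string) authFunc {
	return func(addr string) error {
		for _, t := range trusted {
			if t == addr {
				return nil
			}
		}
		return errors.New("peer certificate not trusted: " + addr)
	}
}

// tlsAuth dials addr over TLS and verifies the server certificate against
// caPEM, using the host part of addr as the SNI and verification name.
func tlsAuth(caPEM []byte) authFunc {
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(caPEM)
	return func(addr string) error {
		host, _, err := net.SplitHostPort(addr)
		if err != nil {
			return err
		}
		conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: pool, ServerName: host, MinVersion: tls.VersionTLS12})
		if err != nil {
			return err
		}
		return conn.Close()
	}
}

func main() {
	// Constructed sample: two SRV-discovered backends (one untrusted) and one from --endpoints.
	eps := []Endpoint{
		{"etcd-1.example.internal:2379", FromSRV},
		{"rogue.example.internal:2379", FromSRV},
		{"10.0.0.9:2379", FromFlag},
	}
	auth := allowlistAuth("etcd-1.example.internal:2379")
	kept, unverified := vulnerableFilter(eps, auth)
	fmt.Println("vulnerable: forwards to", kept, "never authenticated:", unverified)
	kept, rejected := hardenedFilter(eps, auth)
	fmt.Println("hardened:   forwards to", kept, "rejected:", rejected)
}
```

Running it with `go run` shows the gap in one line: the vulnerable path keeps `10.0.0.9:2379` even though nothing ever checked its certificate, while the hardened path rejects it along with the rogue SRV entry. The practical check on a live deployment is the same as the model's input: if a gateway on an affected version is started with `--endpoints`, treat every one of those backends as unauthenticated no matter which TLS flags were passed, and upgrade to 3.4.10 / 3.3.23 or later.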