CVE-2020-15136

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.

CVSS v3 6.5 MEDIUM
CVSS v2.0 5.8 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md	Broken Link
https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/
https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md	Broken Link
https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:etcd::::::::
	cpe:2.3:a:redhat:etcd::::::::

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-08-06 23:15

Updated : 2024-11-21 05:04

NVD link : CVE-2020-15136

Mitre link : CVE-2020-15136

CVE.ORG link : CVE-2020-15136

JSON object : View

Products Affected

fedoraproject

fedora

redhat

etcd

CWE

CWE-287

Improper Authentication

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2020-15136", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.2}]}, "published": "2020-08-06T23:15:11.577", "references": [{"url": "https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md", "tags": ["Broken Link"], "source": "security-advisories@github.com"}, {"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/", "source": "security-advisories@github.com"}, {"url": "https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality."}, {"lang": "es", "value": "En ectd anterior a las versiones 3.4.10 y 3.3.23, la autenticaci\u00f3n TLS de la puerta de enlace solo se aplica a los endpoints detectados en los registros SRV de DNS. Cuando se inicia una puerta de enlace, la autenticaci\u00f3n TLS solo se intentar\u00e1 en los endpoints identificados en los registros SRV de DNS para un dominio determinado, lo que ocurre en la funci\u00f3n discoverEndpoints. No se lleva a cabo la autenticaci\u00f3n contra los endpoints proporcionados en el flag --endpoints. Esto se ha corregido en las versiones 3.4.10 y 3.3.23 con documentaci\u00f3n mejorada y degradaci\u00f3n de la funcionalidad"}], "lastModified": "2024-11-21T05:04:55.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:etcd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44C58F4F-02EB-40DC-86CB-98D027FE7F84", "versionEndExcluding": "3.3.23", "versionStartIncluding": "3.3.0"}, {"criteria": "cpe:2.3:a:redhat:etcd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "362ED3D1-DC14-4BC6-A565-39EA4CA7B061", "versionEndExcluding": "3.4.10", "versionStartIncluding": "3.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}