Improper Authentication in etcd - #VU130093


Published: August 5, 2020 / Updated: May 5, 2026


Vulnerability identifier: #VU130093
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: etcd
Software vendor: CoreOS

Description

The vulnerability allows a remote user to bypass endpoint authentication.

The vulnerability exists due to improper authentication in the gateway's endpoint authentication when handling endpoints discovered from DNS SRV records after their authentication settings change. Because the gateway continues to trust an endpoint that is no longer authenticated, a remote user can bypass endpoint authentication.

The gateway authenticates detected endpoints only once.
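The difference between authenticating an endpoint once and re-authenticating it on every refresh can be shown with a small model. This is an added example, not etcd's gateway code: `Gateway`, `Verifier`, `Refresh`, `Scenario` and the `*.example` endpoints are all hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Verifier is a hypothetical hook that authenticates one endpoint,
// for example a TLS handshake checked against the expected CA.
type Verifier func(endpoint string) bool

// Gateway is a simplified model of a proxy forwarding to discovered endpoints.
type Gateway struct {
	verify       Verifier
	trusted      map[string]bool
	cacheVerdict bool // true models the "authenticate only once" behaviour
}

// Refresh rebuilds the trusted set from the latest discovery result.
func (g *Gateway) Refresh(discovered []string) []string {
	next := map[string]bool{}
	out := []string{}
	for _, ep := range discovered {
		// With cacheVerdict set, an earlier verdict is reused and never re-checked.
		if (g.cacheVerdict && g.trusted[ep]) || g.verify(ep) {
			next[ep] = true
			out = append(out, ep)
		}
	}
	g.trusted = next
	return out
}

// Scenario runs two refreshes over constructed endpoints; b.example stops
// authenticating between them. It returns the set trusted after the second.
func Scenario(cacheVerdict bool) []string {
	ok := map[string]bool{"a.example:2379": true, "b.example:2379": true}
	g := &Gateway{cacheVerdict: cacheVerdict, trusted: map[string]bool{}, verify: func(ep string) bool { return ok[ep] }}
	eps := []string{"a.example:2379", "b.example:2379"}
	g.Refresh(eps)
	ok["b.example:2379"] = false // authentication settings change after the first check
	return g.Refresh(eps)
}

func main() {
	fmt.Println("authenticate once:      ", Scenario(true))
	fmt.Println("re-authenticate on each:", Scenario(false))
}
```

With the cached verdict the endpoint that no longer authenticates stays in the forwarding set; re-verifying on every refresh removes it.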


Remediation

Install the security update from the vendor's website.
