Improper Authentication in etcd - #VU130094

 

Published: August 5, 2020 / Updated: May 5, 2026


Vulnerability identifier: #VU130094
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
etcd
Software vendor:
CoreOS

Description

The vulnerability allows a remote user to bypass endpoint authentication.

The vulnerability exists due to improper authentication in the gateway endpoint authentication logic when processing endpoints detected from DNS SRV records. A remote user can change an endpoint's authentication settings after the initial validation to bypass endpoint authentication.

The gateway authenticates detected endpoints only once and continues to trust them after their authentication settings change.
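The check-once behaviour described above can be modelled in a few lines. This is an added illustration, not etcd code: the `Endpoint` and `Gateway` types, the `TLSValid` flag standing in for the endpoint's authentication settings, and the endpoint address are all constructed for the example. It contrasts trusting the verdict cached at discovery time with re-authenticating the endpoint on every use.

```go
package main

import "fmt"

// Endpoint is a constructed stand-in for a backend found through a DNS SRV
// lookup. TLSValid models whether it currently passes the gateway's check.
type Endpoint struct {
	Addr     string
	TLSValid bool
}

// Gateway is a hypothetical model, not etcd code. RecheckOnForward=false
// reproduces the check-once behaviour; true re-authenticates on every use.
type Gateway struct {
	RecheckOnForward bool
	trusted          map[string]bool
}

// Discover authenticates each endpoint once and caches the verdict.
func (g *Gateway) Discover(eps []*Endpoint) {
	g.trusted = make(map[string]bool)
	for _, e := range eps {
		g.trusted[e.Addr] = e.TLSValid
	}
}

// Forward reports whether the gateway would send client traffic to e.
func (g *Gateway) Forward(e *Endpoint) bool {
	if !g.trusted[e.Addr] {
		return false
	}
	if g.RecheckOnForward {
		return e.TLSValid // current state, not the cached verdict
	}
	return true // stale verdict from discovery time
}

// StillForwards runs the scenario: validate, change settings, forward again.
func StillForwards(recheck bool) bool {
	ep := &Endpoint{Addr: "etcd-1.example.internal:2379", TLSValid: true}
	g := &Gateway{RecheckOnForward: recheck}
	g.Discover([]*Endpoint{ep})
	ep.TLSValid = false // settings change after the initial validation
	return g.Forward(ep)
}

func main() {
	fmt.Println("check once:", StillForwards(false))       // true
	fmt.Println("recheck each time:", StillForwards(true)) // false
}
```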


Remediation

Install the security update from the vendor's website.
