Improper Authentication in etcd - #VU130094

 

Improper Authentication in etcd - #VU130094

Published: August 5, 2020 / Updated: May 5, 2026


Vulnerability identifier: #VU130094
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: CoreOS
Affected software:
etcd

Detailed vulnerability description

The vulnerability allows a remote user to bypass endpoint authentication.

The vulnerability exists due to improper authentication in the gateway endpoint authentication logic when processing endpoints detected from DNS SRV records. A remote user can change an endpoint's authentication settings after the initial validation to bypass endpoint authentication.

The gateway authenticates detected endpoints only once and continues to trust them after their authentication settings change.


Remediation

Install security update from vendor's website.

Sources