Improper Certificate Validation in etcd - #VU130095


Published: August 5, 2020 / Updated: May 5, 2026


Vulnerability identifier: #VU130095
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: etcd
Software vendor: CoreOS

Description

The vulnerability allows a remote attacker to make the gateway connect to an endpoint that does not accept TLS connections.

The vulnerability exists due to improper certificate validation in the gateway's TLS endpoint validation when endpoints are validated with the --discovery-srv flag enabled: the check accepts any reachable TCP endpoint, so an HTTPS URL that points at a listener which does not speak TLS still passes. A remote attacker who can supply a reachable TCP endpoint under an HTTPS URL can therefore cause the gateway to connect to an endpoint that does not accept TLS connections.

Exploitation requires that etcd is run with the gateway start command and the --discovery-srv flag enabled.
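The distinction the advisory describes, as an added Go example that is not etcd's own code (checkEndpoint and dialTimeout are hypothetical names): with requireTLS set to false the check only proves TCP reachability, which is the weak behaviour; with requireTLS set to true an https:// endpoint must also complete a TLS handshake against the caller's client TLS configuration, so a plaintext listener is rejected.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/url"
	"time"
)

const dialTimeout = time.Second

// checkEndpoint validates one gateway endpoint given as a URL with host:port.
// requireTLS=false reproduces the weak check (TCP reachability only, whatever
// the scheme). requireTLS=true makes an https:// URL complete a TLS handshake,
// with the server certificate verified against cfg, before it is accepted.
func checkEndpoint(rawURL string, requireTLS bool, cfg *tls.Config) error {
	u, err := url.Parse(rawURL)
	if err != nil {
		return err
	}
	d := &net.Dialer{Timeout: dialTimeout} // the timeout also bounds the handshake
	var conn net.Conn
	if requireTLS && u.Scheme == "https" {
		conn, err = tls.DialWithDialer(d, "tcp", u.Host, cfg)
	} else {
		conn, err = d.Dial("tcp", u.Host)
	}
	if err != nil {
		return fmt.Errorf("endpoint %s rejected: %w", rawURL, err)
	}
	return conn.Close()
}

func main() {
	// Constructed demo: a local listener that never speaks TLS. The kernel
	// completes the TCP handshake, so the weak check passes, the TLS check fails.
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	ep := "https://" + ln.Addr().String()
	fmt.Println("weak check:", checkEndpoint(ep, false, nil))
	fmt.Println("TLS check: ", checkEndpoint(ep, true, &tls.Config{ServerName: "etcd.example"}))
}
```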


Remediation

Install the security update from the vendor's website.

External links