CVE-2020-15136 - OpenCVE

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Etcd
Fedoraproject	Fedora

Configuration 1 [-]

OR	cpe:2.3:a:redhat:etcd::::::::
	cpe:2.3:a:redhat:etcd::::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md	Broken Link
https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-08-06T22:45:14

Updated: 2021-01-04T02:06:10

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15136

JSON object: View

NVD Information

Status : Modified

Published: 2020-08-06T23:15:11.577

Modified: 2023-11-07T03:17:25.903

Link: CVE-2020-15136

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "etcd", "vendor": "etcd-io", "versions": [{"status": "affected", "version": ">= 3.4.0, < 3.4.10"}, {"status": "affected", "version": "< 3.3.23"}]}], "descriptions": [{"lang": "en", "value": "In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "{\"CWE-287\":\"Improper Authentication\"}", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-04T02:06:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md"}, {"name": "FEDORA-2020-cd43b84c16", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/"}], "source": {"advisory": "GHSA-wr2v-9rpq-c35q", "discovery": "UNKNOWN"}, "title": "Improper authentication in etcd", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15136", "STATE": "PUBLIC", "TITLE": "Improper authentication in etcd"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "etcd", "version": {"version_data": [{"version_value": ">= 3.4.0, < 3.4.10"}, {"version_value": "< 3.3.23"}]}}]}, "vendor_name": "etcd-io"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "{\"CWE-287\":\"Improper Authentication\"}"}]}]}, "references": {"reference_data": [{"name": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q", "refsource": "CONFIRM", "url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q"}, {"name": "https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md", "refsource": "MISC", "url": "https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md"}, {"name": "FEDORA-2020-cd43b84c16", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/"}]}, "source": {"advisory": "GHSA-wr2v-9rpq-c35q", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15136", "datePublished": "2020-08-06T22:45:14", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2021-01-04T02:06:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:etcd:*:*:*:*:*:*:*:*", "matchCriteriaId": "44C58F4F-02EB-40DC-86CB-98D027FE7F84", "versionEndExcluding": "3.3.23", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:etcd:*:*:*:*:*:*:*:*", "matchCriteriaId": "362ED3D1-DC14-4BC6-A565-39EA4CA7B061", "versionEndExcluding": "3.4.10", "versionStartIncluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality."}, {"lang": "es", "value": "En ectd anterior a las versiones 3.4.10 y 3.3.23, la autenticaci\u00f3n TLS de la puerta de enlace solo se aplica a los endpoints detectados en los registros SRV de DNS. Cuando se inicia una puerta de enlace, la autenticaci\u00f3n TLS solo se intentar\u00e1 en los endpoints identificados en los registros SRV de DNS para un dominio determinado, lo que ocurre en la funci\u00f3n discoverEndpoints. No se lleva a cabo la autenticaci\u00f3n contra los endpoints proporcionados en el flag --endpoints. Esto se ha corregido en las versiones 3.4.10 y 3.3.23 con documentaci\u00f3n mejorada y degradaci\u00f3n de la funcionalidad"}], "id": "CVE-2020-15136", "lastModified": "2023-11-07T03:17:25.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-08-06T23:15:11.577", "references": [{"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "security-advisories@github.com", "type": "Secondary"}]}