A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.
References
Configurations
History
13 Feb 2023, 04:53
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-04-03 16:29
Updated : 2023-12-10 12:30
NVD link : CVE-2018-1098
Mitre link : CVE-2018-1098
CVE.ORG link : CVE-2018-1098
JSON object : View
Products Affected
fedoraproject
- fedora
redhat
- etcd
CWE
CWE-352
Cross-Site Request Forgery (CSRF)