N/A

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.

N/A

跨站请求伪造(CSRF)

etcd 跨站请求伪造漏洞

etcd是一套使用Go语言编写的用于分布式系统的键值存储系统。 etcd 3.3.1及之前版本中存在跨站请求伪造漏洞。远程攻击者可通过构建的网站发送POST请求利用该漏洞执行未授权的操作。

N/A

N/A