Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper authentication in etcd
Vulnerability Description
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
etcd 访问控制错误漏洞
Vulnerability Description
etcd是一套使用Go语言编写的用于分布式系统的键值存储系统。 etcd 3.4.10之前版本和3.3.23之前版本中存在访问控制错误漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。
CVSS Information
N/A
Vulnerability Type
N/A