7.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-15114

GHSA ID

GHSA-2xhq-gv6c-p224

EPSS Score

0.30229%

CWE

CWE-400

Published

1/31/2024

Updated

1/31/2024

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-15114

CVE-2020-15114:
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion

Vulnerability type

Denial of Service

Detail

The etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.

References

Find out more on this vulnerability in the security audit report

For more information

If you have any questions or comments about this advisory:

Contact the etcd security committee

(GitHub Advisory)

7.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-15114

GHSA ID

GHSA-2xhq-gv6c-p224

EPSS Score

0.30229%

CWE

CWE-400

Published

1/31/2024

Updated

1/31/2024

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
go.etcd.io/etcd	go	>= 3.4.0-rc.0, <= 3.4.9	3.4.10
go.etcd.io/etcd	go	< 3.3.23	3.3.23

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing validation when configuring gateway endpoints. From the advisory description, we infer that:

Endpoint update/processing functions lacked self-reference checks
Gateway initialization accepted invalid endpoint configurations While exact patch details are unavailable, these functions represent the most likely locations for missing validation based on:

The vulnerability's nature (endpoint list poisoning)
etcd's gateway architecture
Common patterns in TCP proxy implementations Confidence is medium due to inference from vulnerability description rather than direct patch analysis

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Vuln*r**ility typ* **ni*l o* S*rvi** ### **t*il T** *t** **t*w*y is * simpl* T*P proxy to *llow *or **si* s*rvi** *is*ov*ry *n* ****ss. *ow*v*r, it is possi*l* to in*lu** t** **t*w*y ***r*ss *s *n *n*point. T*is r*sults in * **ni*l o* s*rvi**, s

Reasoning

T** vuln*r**ility st*ms *rom missin* v*li**tion w**n *on*i*urin* **t*w*y *n*points. *rom t** **visory **s*ription, w* in**r t**t: *. *n*point up**t*/pro**ssin* *un*tions l**k** s*l*-r***r*n** ****ks *. **t*w*y initi*liz*tion ****pt** inv*li* *n*point

7.7

Basic Information

Concerned about an active attack path?

CVE-2020-15114: Etcd Gateway can include itself as an endpoint resulting in resource exhaustion

Vulnerability type

Detail

References

For more information

7.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-15114:
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion

Vulnerability Intelligence
Miggo AI