CVE-2020-15136: Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
6.5
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
go.etcd.io/etcd | go | >= 3.4.0-rc.0, <= 3.4.9 | 3.4.10 |
go.etcd.io/etcd | go | < 3.3.23 | 3.3.23 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability arises because TLS authentication is only applied to endpoints discovered via DNS SRV records in the discoverEndpoints function, while endpoints provided via --endpoints are not authenticated. However, the provided information does not include specific code changes or function names related to processing the --endpoints flag. Without the actual patch details or code snippets, it's impossible to definitively identify the exact vulnerable functions that handle the --endpoints input without authentication. The discoverEndpoints function itself implements correct authentication but is not the source of vulnerability; the issue lies in the code path that processes --endpoints without invoking proper authentication checks, which isn't explicitly named in the available data.