6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-15136

GHSA ID

GHSA-wr2v-9rpq-c35q

EPSS Score

0.39367%

CWE

CWE-287

Published

1/31/2024

Updated

1/31/2024

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-15136

CVE-2020-15136: Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records

Vulnerability type

Cryptography

Workarounds

Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation.

Detail

When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. The auditors has noted that appropriate documentation of this validation functionality plus deprecation of this misleading functionality is an acceptable path forward.

References

Find out more on this vulnerability in the security audit report

For more information

If you have any questions or comments about this advisory:

Contact the etcd security committee

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-15136

GHSA ID

GHSA-wr2v-9rpq-c35q

EPSS Score

0.39367%

CWE

CWE-287

Published

1/31/2024

Updated

1/31/2024

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
go.etcd.io/etcd	go	>= 3.4.0-rc.0, <= 3.4.9	3.4.10
go.etcd.io/etcd	go	< 3.3.23	3.3.23

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability arises because TLS authentication is only applied to endpoints discovered via DNS SRV records in the discoverEndpoints function, while endpoints provided via --endpoints are not authenticated. However, the provided information does not include specific code changes or function names related to processing the --endpoints flag. Without the actual patch details or code snippets, it's impossible to definitively identify the exact vulnerable functions that handle the --endpoints input without authentication. The discoverEndpoints function itself implements correct authentication but is not the source of vulnerability; the issue lies in the code path that processes --endpoints without invoking proper authentication checks, which isn't explicitly named in the available data.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Vuln*r**ility typ* *rypto*r*p*y ### Work*roun*s R***r to t** [**t*w*y *o*um*nt*tion](*ttps://*it*u*.*om/*t**-io/*t**/*lo*/m*st*r/*o*um*nt*tion/op-*ui**/**t*w*y.m*). T** vuln*r**ility w*s spott** *u* to un*l**r *o*um*nt*tion o* *ow t** **t*w*y **

Reasoning

T** vuln*r**ility *ris*s ****us* TLS *ut**nti**tion is only *ppli** to *n*points *is*ov*r** vi* *NS SRV r**or*s in t** `*is*ov*r*n*points` *un*tion, w*il* *n*points provi*** vi* --*n*points *r* not *ut**nti**t**. *ow*v*r, t** provi*** in*orm*tion *o*

6.5

Basic Information

Concerned about an active attack path?

CVE-2020-15136: Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records

Vulnerability type

Workarounds

Detail

References

For more information

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI