-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability centers around insufficient TLS validation during SRV discovery in etcd gateway. Key functions would be those handling endpoint connectivity checks and SRV discovery initialization. The transport.Endpoint.Dial function is directly responsible for establishing connections and would show TCP dialing activity without TLS in runtime profiles. The v2discovery.SRVGetCluster function initiates the discovery process that triggers these insecure validations. Confidence is high for the dialer function as it's the direct point of insecure connection handling, and medium for the SRV discovery entry point as it's the initiation context.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| go.etcd.io/etcd/v3 | go | >= 3.4.0-rc.0, <= 3.4.9 | 3.4.10 |
| go.etcd.io/etcd/v3 | go | < 3.3.23 | 3.3.23 |
GoGoOngoing coverage of React2Shell