vulnerability

etcd Unauthenticated HTTP API Leak

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:C/A:N)	2018-03-28	2018-03-28	2018-04-06

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:N)

Published

2018-03-28

Added

2018-03-28

Modified

2018-04-06

Description

The etcd HTTP API is accessible without authentication. This can result in keys being exposed which may contain sensitive information. It will also allow a user to change and delete keys without authentication. As a result, a remote attacker can not only discern sensitive information such as usernames and passwords, but also change or delete that data.

Solution

http-etcd-unauthenticated-api-data-leak

References

URL-https://elweb.co/the-security-footgun-in-etcd/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today