CVE-2020-15114 (High) detected in github.com/etcd-io/etcd-v3.4.3 #166
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2020-15114 - High Severity Vulnerability
Distributed reliable key-value store for the most critical data of a distributed system
Dependency Hierarchy:
Found in HEAD commit: 62183f719db48021c16ed24298bf24a3c5547124
Found in base branch: master
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.
Publish Date: 2020-08-06
URL: CVE-2020-15114
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2020-08-06
Fix Resolution: 3.4.10, 3.3.23
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: