SB2019040839 - Fedora 30 update for etcd
Published: April 8, 2019 Updated: April 24, 2025
Security Bulletin ID
SB2019040839
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Improper Authentication (CVE-ID: CVE-2018-16886)
The vulnerability allows a remote user to bypass authentication process.
The vulnerability exists due to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. A remote user can authenticate as user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.
2) Cross-site request forgery (CVE-ID: CVE-2018-1098)
The vulnerability allows a remote unauthenticated attacker to conduct cross-site request forgery attack and gain elevated privileges on the target system.The weakness exists due to improper validation of HTTP POST requests. A remote attacker can trick the victim into visiting a specially crafted website and gain privileges of the target user.
3) Improper input validation (CVE-ID: CVE-2018-1099)
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.The weakness exists due to improper validation of DNS hostnames. A remote attacker can send specially crafted requests, bypass security restrictions and gain network access to internal systems.
Remediation
Install update from vendor's website.