Lucene search
GoogleOSV:CVE-2018-1098HistoryApr 03, 2018 - 4:29 p.m.
CVE-2018-1098
2018-04-0316:29:00
Google
osv.dev
6
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (canโt PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.
| CPE | Name | Operator | Version |
|---|---|---|---|
| etcd | eq | 3.2.0-rc.0 | |
| etcd | eq | 2.1.0-alpha.1 | |
| etcd | eq | 0.3.0 | |
| etcd | eq | 0.2.0-rc3 | |
| etcd | eq | 3.2.0_plus_git | |
| etcd | eq | 0.2.0-rc2 | |
| etcd | eq | 2.0.0 | |
| etcd | eq | 0.2.0-rc1 | |
| etcd | eq | 0.4.5 | |
| etcd | eq | 3.3.0-rc.2 |
References
bugzilla.redhat.com/show_bug.cgi?id=1552714
github.com/coreos/etcd/issues/9353
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/
Related
prion
prion
Cross site request forgery (csrf)
2018-04-03 16:29:00
redhatcve
redhatcve
CVE-2018-1098
2020-04-07 16:45:05
cve
cve
CVE-2018-1098
2018-04-03 16:29:00
gitlab
gitlab
Cross-Site Request Forgery (CSRF)
2022-02-15 00:00:00
Cross-Site Request Forgery (CSRF)
2022-02-15 00:00:00
debiancve
debiancve
CVE-2018-1098
2018-04-03 16:29:00
cvelist
cvelist
CVE-2018-1098
2018-04-03 16:00:00
veracode
veracode
Cross-site Request Forgery (CSRF)
2018-04-30 07:01:16
nvd
nvd
CVE-2018-1098
2018-04-03 16:29:00
osv
osv
etcd Cross-site Request Forgery (CSRF)
2022-02-15 01:57:18
ubuntucve
ubuntucve
CVE-2018-1098
2018-04-03 00:00:00
github
github
etcd Cross-site Request Forgery (CSRF)
2022-02-15 01:57:18
ibm
ibm
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 18:36:46
nessus
nessus
Fedora 30 : etcd (2019-833466697f)
2019-05-02 00:00:00
Fedora 29 : etcd (2019-219b0b0b6a)
2019-05-06 00:00:00
RHEL 7 : etcd (Unpatched Vulnerability)
2024-05-11 00:00:00
openvas
openvas
Fedora Update for etcd FEDORA-2019-219b0b0b6a
2019-05-07 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: etcd-3.3.12-1.20190314gite1ca3b4.fc30
2019-04-13 00:09:57
[SECURITY] Fedora 29 Update: etcd-3.3.12-4.20190413gitf29b1ad.fc29
2019-05-06 04:15:25
altlinux
altlinux
Security fix for the ALT Linux 10 package etcd version 3.4.7-alt1
2020-04-26 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0631
2023-08-11 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0427
2023-07-14 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0608
2023-07-05 00:00:00