Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records

Overview

Source
ID
GHSA-wr2v-9rpq-c35q
Aliases
CVE-2020-15136
Affected package

Description

### Vulnerability type Cryptography

### Workarounds Refer to the [gateway documentation](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md). The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation.

### Detail When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. The auditors has noted that appropriate documentation of this validation functionality plus deprecation of this misleading functionality is an acceptable path forward. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf)

### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)

Impact

Severity
Latest version of the CVSS score reported by the source of the advisory.
6.5 MODERATE
Reference links

Summary

2.99k
Total packages affected
Packages with at least one version that is affected by the advisory or has an affected dependency.
419
Packages with a known fix
Packages with versions affected by the advisory that have a greater version that is not affected.
0.22%
Total ecosystem affected
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
go.etcd.io/etcd
Affected Version: Introduced: 3.4.0-rc.0, Fixed: 3.4.10, Introduced: 0, Fixed: 3.3.23
Patched/Unaffected
v3.3.24+incompatible
v3.3.25+incompatible
v3.3.26+incompatible
v3.3.27+incompatible
Affected
v3.3.22+incompatible
v3.3.21+incompatible
v3.3.20+incompatible
v3.3.19+incompatible
v3.3.18+incompatible
v3.3.17+incompatible
v3.3.16+incompatible
v3.3.15+incompatible
v3.3.13+incompatible
v3.3.12+incompatible
v3.3.11+incompatible
v3.3.10+incompatible
v3.3.9+incompatible
v3.3.8+incompatible
v3.3.7+incompatible
v3.3.6+incompatible
v3.3.5+incompatible
v3.3.4+incompatible
v3.3.3+incompatible
v3.3.2+incompatible
v3.3.1+incompatible
v3.3.0+incompatible
v3.2.32+incompatible
v3.2.31+incompatible
v3.2.30+incompatible
v3.2.29+incompatible
v3.2.28+incompatible
v3.2.27+incompatible
v3.2.26+incompatible
v3.2.25+incompatible
v3.2.24+incompatible
v3.2.23+incompatible
v3.2.22+incompatible
v3.2.21+incompatible
v3.2.20+incompatible
v3.2.19+incompatible
v3.2.18+incompatible
v3.2.17+incompatible
v3.2.16+incompatible
v3.2.15+incompatible
v3.2.14+incompatible
v3.2.13+incompatible
v3.2.12+incompatible
v3.2.11+incompatible
v3.2.10+incompatible
v3.2.9+incompatible
v3.2.8+incompatible
v3.2.7+incompatible
v3.2.6+incompatible
v3.2.5+incompatible
v3.2.4+incompatible
v3.2.3+incompatible
v3.2.2+incompatible
v3.2.1+incompatible
v3.2.0+incompatible
v3.1.20+incompatible
v3.1.19+incompatible
v3.1.18+incompatible
v3.1.17+incompatible
v3.1.16+incompatible
v3.1.15+incompatible
v3.1.14+incompatible
v3.1.13+incompatible
v3.1.12+incompatible
v3.1.11+incompatible
v3.1.10+incompatible
v3.1.9+incompatible
v3.1.8+incompatible
v3.1.7+incompatible
v3.1.6+incompatible
v3.1.5+incompatible
v3.1.4+incompatible
v3.1.3+incompatible
v3.1.2+incompatible
v3.1.1+incompatible
v3.1.0+incompatible
v3.0.17+incompatible
v3.0.16+incompatible
v3.0.15+incompatible
v3.0.14+incompatible
v3.0.13+incompatible
v3.0.12+incompatible
v3.0.11+incompatible
v3.0.10+incompatible
v3.0.9+incompatible
v3.0.8+incompatible
v3.0.7+incompatible
v3.0.6+incompatible
v3.0.5+incompatible
v3.0.4+incompatible
v3.0.3+incompatible
v3.0.2+incompatible
v3.0.1+incompatible
v3.0.0+incompatible
v2.3.8+incompatible
v2.3.7+incompatible
v2.3.6+incompatible
v2.3.5+incompatible
v2.3.4+incompatible
v2.3.3+incompatible
v2.3.2+incompatible
v2.3.1+incompatible
v2.3.0+incompatible
v2.2.5+incompatible
v2.2.4+incompatible
v2.2.3+incompatible
v2.2.2+incompatible
v2.2.1+incompatible
v2.2.0+incompatible
v2.1.3+incompatible
v2.1.2+incompatible
v2.1.1+incompatible
v2.1.0+incompatible
v2.0.13+incompatible
v2.0.12+incompatible
v2.0.11+incompatible
v2.0.10+incompatible
v2.0.9+incompatible
v2.0.8+incompatible
v2.0.7+incompatible
v2.0.6+incompatible
v2.0.5+incompatible
v2.0.4+incompatible
v2.0.3+incompatible
v2.0.2+incompatible
v2.0.1+incompatible
v2.0.0+incompatible
v0.5.0-alpha.5.0.20240911181550-c123b3ea3db3
v0.5.0-alpha.5.0.20240320135013-950cd5fbe6ca
v0.5.0-alpha.5.0.20240131130919-ff2304879e1b
v0.5.0-alpha.5.0.20230512014047-a603c0798948
v0.5.0-alpha.5.0.20221221061116-c8b78319672a
v0.5.0-alpha.5.0.20220915004622-85b640cee793
v0.5.0-alpha.5.0.20220805212701-1e2682301c29
v0.5.0-alpha.5.0.20220712081845-4636a5fab43f
v0.5.0-alpha.5.0.20211015134708-72d3e382e73c
v0.5.0-alpha.5.0.20211007170831-eb9cee9ee38c
v0.5.0-alpha.5.0.20211004023027-19e2e70e4f50
v0.5.0-alpha.5.0.20210512015243-d19fbe541bf9
v0.5.0-alpha.5.0.20210428180535-15715dcf1ace
v0.5.0-alpha.5.0.20210401121737-82eae9227ca0
v0.5.0-alpha.5.0.20210226220824-aa7126864d82
v0.5.0-alpha.5.0.20210123184945-d51c6c689ba3
v0.5.0-alpha.5.0.20210115221649-0880605772db
v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b
v0.5.0-alpha.5.0.20201012212650-eb0fb0e79918
v0.5.0-alpha.5.0.20200915160418-7e2d426ec012
v0.5.0-alpha.5.0.20200910180754-dd1b699fc489
v0.5.0-alpha.5.0.20200824191128-ae9734ed278b
v0.5.0-alpha.5.0.20200821141407-46a0a44f9539
v0.5.0-alpha.5.0.20200819165624-17cef6e3e9d5
v0.5.0-alpha.5.0.20200716221620-18dfb9cca345
v0.5.0-alpha.5.0.20200716221548-4873f5516bd9
v0.5.0-alpha.5.0.20200707173218-d3a702a09d92
v0.5.0-alpha.5.0.20200520232829-54ba9589114f
v0.5.0-alpha.5.0.20200513171258-e048e166ab9c
v0.5.0-alpha.5.0.20200425165423-262c93980547
v0.5.0-alpha.5.0.20200410171415-59f5fb25a533
v0.5.0-alpha.5.0.20200407032746-7eae024eade9
v0.5.0-alpha.5.0.20200404213814-dbcf540c8800
v0.5.0-alpha.5.0.20200402134248-51bdeb39e698
v0.5.0-alpha.5.0.20200401174654-e694b7bb0875
v0.5.0-alpha.5.0.20200329194405-dd816f0735f8
v0.5.0-alpha.5.0.20200324205056-bbb0fcfae986
v0.5.0-alpha.5.0.20200320040136-0eee733220fc
v0.5.0-alpha.5.0.20200319002442-e784ba73c229
v0.5.0-alpha.5.0.20200306183522-221f0cc107cb
v0.5.0-alpha.5.0.20200225121829-52fba431b686
v0.5.0-alpha.5.0.20200224211402-c65a9e2dd1fd
v0.5.0-alpha.5.0.20200212203316-09304a4d8263
v0.5.0-alpha.5.0.20191230192607-e6980b1f9fc0
v0.5.0-alpha.5.0.20191211224106-0dc78a144b31
v0.5.0-alpha.5.0.20191023171146-3cf2f69b5738
v0.5.0-alpha.5.0.20191021022006-5dc12f27251a
v0.5.0-alpha.5.0.20191011172313-6d8052314b9e
v0.5.0-alpha.5.0.20191009222652-bbe86b066c0c
v0.5.0-alpha.5.0.20191004122535-555eb1951f2e
v0.5.0-alpha.5.0.20190930204107-236ac2a90522
v0.5.0-alpha.5.0.20190917205325-a14579fbfb1a
v0.5.0-alpha.5.0.20190913181241-21dcadc83c75
v0.5.0-alpha.5.0.20190911215424-9ed5f76dc03b
v0.5.0-alpha.5.0.20190830150955-898bd1351fcf
v0.5.0-alpha.5.0.20190829155310-e5528acf5789
v0.5.0-alpha.5.0.20190827165054-012e38fef305
v0.5.0-alpha.5.0.20190823073701-67d0c21bb04c
v0.5.0-alpha.5.0.20190815204525-8f85f0dc2607
v0.5.0-alpha.5.0.20190812170634-84ed0f7f87b4
v0.5.0-alpha.5.0.20190801225801-f1c7fd3d53b0
v0.5.0-alpha.5.0.20190720005121-fe86a786a4c3
v0.5.0-alpha.5.0.20190711162406-e56e8471ec18
v0.5.0-alpha.5.0.20190709142735-eb7dd97135a5
v0.5.0-alpha.5.0.20190701223455-1f40b6642ff3
v0.5.0-alpha.5.0.20190614042517-2c5162af5c09
v0.5.0-alpha.5.0.20190610035943-d6280f9ea548
v0.5.0-alpha.5.0.20190501202531-8a86a60fbce5
v0.5.0-alpha.5.0.20190412021913-f29b1ada1971
v0.5.0-alpha.5.0.20190322183551-7a5acb4a43aa
v0.5.0-alpha.5.0.20190321122103-41f7142ff986
v0.5.0-alpha.5.0.20190320044326-77d4b742cdbf
v0.5.0-alpha.5.0.20190305225404-b08e6db0e800
v0.5.0-alpha.5.0.20190302072331-2c69559819d3
v0.5.0-alpha.5.0.20190228193606-a943ad0ee4c9
v0.5.0-alpha.5.0.20190225040740-6543273666cb
v0.5.0-alpha.5.0.20190215181705-784daa04988c
v0.5.0-alpha.5.0.20190130112157-46e23b233c18
v0.5.0-alpha.5.0.20190109224148-fae6e92407e0
v0.5.0-alpha.5.0.20190108173120-83c051b701d3
v0.5.0-alpha.5.0.20181228175106-cc8d446a6ec3
v0.5.0-alpha.5.0.20181228115726-23731bf9ba55
v0.5.0-alpha.5.0.20181224055336-6937b772326f
v0.5.0-alpha.5.0.20181212165745-e57f4f420dfe
v0.5.0-alpha.5.0.20181128220305-dedae6eb7c25
v0.5.0-alpha.5.0.20181124034816-6c649de36e0b
v0.5.0-alpha.5.0.20181109213058-9454c4cab09b
v0.5.0-alpha.5.0.20181031231232-83304cfc808c
v0.5.0-alpha.5.0.20181022230727-86b933311d23
v0.5.0-alpha.5.0.20181014065228-dac8c6fcc05b
v0.5.0-alpha.5.0.20181009071057-ba606bf85edf
v0.5.0-alpha.5.0.20180122193200-ea6360f5508a
v0.5.0-alpha.5.0.20180117232308-374dc5743f05
v0.5.0-alpha.5.0.20180111191846-9e079d8f02af
v0.5.0-alpha.5.0.20180102192715-d3c2acf09011
v0.5.0-alpha.5.0.20171220214848-f7a395f0308d
v0.5.0-alpha.5.0.20170616193708-e475a4ea7104
v0.5.0-alpha.5.0.20170519184615-9d7ed0e63a4e
v0.5.0-alpha.5.0.20170428170939-7e6d87638539
v0.5.0-alpha.5.0.20161118191601-3d5ba43211be
v0.5.0-alpha.5.0.20161014214017-83347907774b
v0.5.0-alpha.5.0.20160923181922-2469a9568548
v0.5.0-alpha.5.0.20160916124720-5c2053109bfb
v0.5.0-alpha.5.0.20160506202919-ffd1fa6f52dd
v0.5.0-alpha.5.0.20160217234430-40d3e0daff39
v0.5.0-alpha.5.0.20151106170839-a2d4f85d33ee
v0.5.0-alpha.5.0.20150828172632-dc3e02728863
v0.5.0-alpha.5.0.20150813230109-201bb4b3d82f
v0.5.0-alpha.5.0.20150813172005-ab5a69cb1872
v0.5.0-alpha.5.0.20150629210239-00c32ef022da
v0.5.0-alpha.5.0.20150617050017-c4a5088bbc97
v0.5.0-alpha.5.0.20150423220218-c1608bcdb488
v0.5.0-alpha.5.0.20141218182729-221abdcb3b75
v0.5.0-alpha.5.0.20141213002616-3794f6ab88c1
v0.5.0-alpha.5.0.19700101000000-ffd1fa6f52dd
v0.5.0-alpha.5.0.19700101000000-ff2304879e1b
v0.5.0-alpha.5.0.19700101000000-fe86a786a4c3
v0.5.0-alpha.5.0.19700101000000-fae6e92407e0
v0.5.0-alpha.5.0.19700101000000-f7a395f0308d
v0.5.0-alpha.5.0.19700101000000-f29b1ada1971
v0.5.0-alpha.5.0.19700101000000-f1c7fd3d53b0
v0.5.0-alpha.5.0.19700101000000-eb9cee9ee38c
v0.5.0-alpha.5.0.19700101000000-eb7dd97135a5
v0.5.0-alpha.5.0.19700101000000-eb0fb0e79918
v0.5.0-alpha.5.0.19700101000000-ea6360f5508a
v0.5.0-alpha.5.0.19700101000000-e784ba73c229
v0.5.0-alpha.5.0.19700101000000-e6980b1f9fc0
v0.5.0-alpha.5.0.19700101000000-e694b7bb0875
v0.5.0-alpha.5.0.19700101000000-e57f4f420dfe
v0.5.0-alpha.5.0.19700101000000-e56e8471ec18
v0.5.0-alpha.5.0.19700101000000-e5528acf5789
v0.5.0-alpha.5.0.19700101000000-e475a4ea7104
v0.5.0-alpha.5.0.19700101000000-e048e166ab9c
v0.5.0-alpha.5.0.19700101000000-dedae6eb7c25
v0.5.0-alpha.5.0.19700101000000-dd816f0735f8
v0.5.0-alpha.5.0.19700101000000-dd1b699fc489
v0.5.0-alpha.5.0.19700101000000-dc3e02728863
v0.5.0-alpha.5.0.19700101000000-dbcf540c8800
v0.5.0-alpha.5.0.19700101000000-dac8c6fcc05b
v0.5.0-alpha.5.0.19700101000000-d6280f9ea548
v0.5.0-alpha.5.0.19700101000000-d51c6c689ba3
v0.5.0-alpha.5.0.19700101000000-d3c2acf09011
v0.5.0-alpha.5.0.19700101000000-d3a702a09d92
v0.5.0-alpha.5.0.19700101000000-d19fbe541bf9
v0.5.0-alpha.5.0.19700101000000-cc8d446a6ec3
v0.5.0-alpha.5.0.19700101000000-c8b78319672a
v0.5.0-alpha.5.0.19700101000000-c65a9e2dd1fd
v0.5.0-alpha.5.0.19700101000000-c4a5088bbc97
v0.5.0-alpha.5.0.19700101000000-c1608bcdb488
v0.5.0-alpha.5.0.19700101000000-c123b3ea3db3
v0.5.0-alpha.5.0.19700101000000-bbe86b066c0c
v0.5.0-alpha.5.0.19700101000000-bbb0fcfae986
v0.5.0-alpha.5.0.19700101000000-ba606bf85edf
v0.5.0-alpha.5.0.19700101000000-b08e6db0e800
v0.5.0-alpha.5.0.19700101000000-ae9734ed278b
v0.5.0-alpha.5.0.19700101000000-ab5a69cb1872
v0.5.0-alpha.5.0.19700101000000-aa7126864d82
v0.5.0-alpha.5.0.19700101000000-a943ad0ee4c9
v0.5.0-alpha.5.0.19700101000000-a603c0798948
v0.5.0-alpha.5.0.19700101000000-a2d4f85d33ee
v0.5.0-alpha.5.0.19700101000000-a14579fbfb1a
v0.5.0-alpha.5.0.19700101000000-9ed5f76dc03b
v0.5.0-alpha.5.0.19700101000000-9e079d8f02af
v0.5.0-alpha.5.0.19700101000000-9d7ed0e63a4e
v0.5.0-alpha.5.0.19700101000000-950cd5fbe6ca
v0.5.0-alpha.5.0.19700101000000-9454c4cab09b
v0.5.0-alpha.5.0.19700101000000-8f85f0dc2607
v0.5.0-alpha.5.0.19700101000000-8a86a60fbce5
v0.5.0-alpha.5.0.19700101000000-8a03d2e9614b
v0.5.0-alpha.5.0.19700101000000-898bd1351fcf
v0.5.0-alpha.5.0.19700101000000-86b933311d23
v0.5.0-alpha.5.0.19700101000000-85b640cee793
v0.5.0-alpha.5.0.19700101000000-84ed0f7f87b4
v0.5.0-alpha.5.0.19700101000000-83c051b701d3
v0.5.0-alpha.5.0.19700101000000-83347907774b
v0.5.0-alpha.5.0.19700101000000-83304cfc808c
v0.5.0-alpha.5.0.19700101000000-82eae9227ca0
v0.5.0-alpha.5.0.19700101000000-7eae024eade9
v0.5.0-alpha.5.0.19700101000000-7e6d87638539
v0.5.0-alpha.5.0.19700101000000-7e2d426ec012
v0.5.0-alpha.5.0.19700101000000-7a5acb4a43aa
v0.5.0-alpha.5.0.19700101000000-784daa04988c
v0.5.0-alpha.5.0.19700101000000-77d4b742cdbf
v0.5.0-alpha.5.0.19700101000000-72d3e382e73c
v0.5.0-alpha.5.0.19700101000000-6d8052314b9e
v0.5.0-alpha.5.0.19700101000000-6c649de36e0b
v0.5.0-alpha.5.0.19700101000000-6937b772326f
v0.5.0-alpha.5.0.19700101000000-67d0c21bb04c
v0.5.0-alpha.5.0.19700101000000-6543273666cb
v0.5.0-alpha.5.0.19700101000000-5dc12f27251a
v0.5.0-alpha.5.0.19700101000000-5c2053109bfb
v0.5.0-alpha.5.0.19700101000000-59f5fb25a533
v0.5.0-alpha.5.0.19700101000000-555eb1951f2e
v0.5.0-alpha.5.0.19700101000000-54ba9589114f
v0.5.0-alpha.5.0.19700101000000-52fba431b686
v0.5.0-alpha.5.0.19700101000000-51bdeb39e698
v0.5.0-alpha.5.0.19700101000000-4873f5516bd9
v0.5.0-alpha.5.0.19700101000000-46e23b233c18
v0.5.0-alpha.5.0.19700101000000-46a0a44f9539
v0.5.0-alpha.5.0.19700101000000-4636a5fab43f
v0.5.0-alpha.5.0.19700101000000-41f7142ff986
v0.5.0-alpha.5.0.19700101000000-40d3e0daff39
v0.5.0-alpha.5.0.19700101000000-3d5ba43211be
v0.5.0-alpha.5.0.19700101000000-3cf2f69b5738
v0.5.0-alpha.5.0.19700101000000-3794f6ab88c1
v0.5.0-alpha.5.0.19700101000000-374dc5743f05
v0.5.0-alpha.5.0.19700101000000-2c69559819d3
v0.5.0-alpha.5.0.19700101000000-2c5162af5c09
v0.5.0-alpha.5.0.19700101000000-262c93980547
v0.5.0-alpha.5.0.19700101000000-2469a9568548
v0.5.0-alpha.5.0.19700101000000-23731bf9ba55
v0.5.0-alpha.5.0.19700101000000-236ac2a90522
v0.5.0-alpha.5.0.19700101000000-221f0cc107cb
v0.5.0-alpha.5.0.19700101000000-221abdcb3b75
v0.5.0-alpha.5.0.19700101000000-21dcadc83c75
v0.5.0-alpha.5.0.19700101000000-201bb4b3d82f
v0.5.0-alpha.5.0.19700101000000-1f40b6642ff3
v0.5.0-alpha.5.0.19700101000000-1e2682301c29
v0.5.0-alpha.5.0.19700101000000-19e2e70e4f50
v0.5.0-alpha.5.0.19700101000000-18dfb9cca345
v0.5.0-alpha.5.0.19700101000000-17cef6e3e9d5
v0.5.0-alpha.5.0.19700101000000-15715dcf1ace
v0.5.0-alpha.5.0.19700101000000-0eee733220fc
v0.5.0-alpha.5.0.19700101000000-0dc78a144b31
v0.5.0-alpha.5.0.19700101000000-09304a4d8263
v0.5.0-alpha.5.0.19700101000000-0880605772db
v0.5.0-alpha.5.0.19700101000000-012e38fef305
v0.5.0-alpha.5.0.19700101000000-00c32ef022da
v0.5.0-alpha.4.0.20141126073201-d01d6119e54f
v0.5.0-alpha.4.0.19700101000000-d01d6119e54f
v0.5.0-alpha.3.0.20141115001332-a817ca705b5a
v0.5.0-alpha.3.0.19700101000000-a817ca705b5a
v0.5.0-alpha.2.0.20141108004402-0b493ac8d4d8
v0.5.0-alpha.2.0.19700101000000-0b493ac8d4d8
v0.5.0-alpha.1.0.20141031223708-f35130a0ed06
v0.5.0-alpha.1.0.19700101000000-f35130a0ed06
v0.5.0-alpha.0.0.20141025002549-2b9cabcbcd4c
v0.5.0-alpha.0.0.19700101000000-2b9cabcbcd4c
v0.4.9
v0.4.8
v0.4.7
v0.4.6
v0.4.5
v0.4.4
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.0
v0.2.0
v0.2.0-rc4.0.20131223044319-f026d1c14ebc
v0.2.0-rc4.0.19700101000000-f026d1c14ebc
v0.2.0-rc3.0.20131216225511-fd8ce5d11a4a
v0.2.0-rc3.0.19700101000000-fd8ce5d11a4a
v0.2.0-rc2.0.20131206043356-5edaee79e67c
v0.2.0-rc2.0.19700101000000-5edaee79e67c
v0.2.0-rc0.0.20131114033806-f4991004261e
v0.2.0-rc0.0.20131017162722-088a01f19cda
v0.2.0-rc0.0.19700101000000-f4991004261e
v0.2.0-rc0.0.19700101000000-088a01f19cda
v0.1.2
v0.1.1
v0.1.0