| CVE-2020-15114 | Date: (C)2020-08-08 (M)2023-12-22 |
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.
CVSS Score and Metrics +CVSS Score and Metrics -| CVSS V3 Severity: | CVSS V2 Severity: |
| CVSS Score : 7.7 | CVSS Score : 4.0 |
| Exploit Score: 3.1 | Exploit Score: 8.0 |
| Impact Score: 4.0 | Impact Score: 2.9 |
| |
| CVSS V3 Metrics: | CVSS V2 Metrics: |
| Attack Vector: NETWORK | Access Vector: NETWORK |
| Attack Complexity: LOW | Access Complexity: LOW |
| Privileges Required: LOW | Authentication: SINGLE |
| User Interaction: NONE | Confidentiality: NONE |
| Scope: CHANGED | Integrity: NONE |
| Confidentiality: NONE | Availability: PARTIAL |
| Integrity: NONE | |
| Availability: HIGH | |
| | |
