1
Candidate: CVE-2018-1098
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1098
5
https://github.com/coreos/etcd/issues/9353
6
https://bugzilla.redhat.com/show_bug.cgi?id=1552714
8
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An
9
attacker can set up a website that tries to send a POST request to the etcd
10
server and modify a key. Adding a key is done with PUT so it is
11
theoretically safe (can't PUT from an HTML form or such) but POST allows
12
creating in-order keys that an attacker can send.
22
upstream_etcd: needs-triage
25
xenial_etcd: needs-triage
26
artful_etcd: needs-triage
27
bionic_etcd: needs-triage
28
devel_etcd: needs-triage