UBUNTU-CVE-2020-15136
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 06 Aug 2020, 23:15
Last modified:20 May 2026, 16:04
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
06 Aug 2020, 23:15
Published
Vulnerability first disclosed
20 May 2026, 16:04
Last Modified
Vulnerability information updated
Description
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Affected Systems
- ubuntu•etcd
all | all | all | all