Vulnerability
The etcd HTTP API can be used without requiring authentication. As a result, keys containing sensitive information could be exposed. A user will also be able to update and delete keys without having to authenticate.
Impact
A remote attacker can deduce important data like usernames and passwords and modify or delete it.
Mitigation / Precaution
We recommend you implement an authentication mechanism for API to patch this issue.
Written by
Summarize:
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 14 days
