CoreOS etcd Role-Based Access Control Authentication Vulnerability – 16th Jan 2019

Preface: Container Linux by CoreOS is an open-source lightweight operating system based on the Linux kernel and designed for providing infrastructure to clustered deployments, while focusing on automation, ease of application deployment, security, reliability and scalability.

Vulnerability found:

A vulnerability in CoreOS etcd could allow an unauthenticated, remote attacker to bypass security restrictions and gain unauthorized access.

Impact:

An attacker could exploit this vulnerability by sending malicious requests to the affected application. This could let the attacker evade security restrictions and then gain unauthorized access to the targeted system.

Vendor Announcement:

CoreOS has released updated software at the following link: https://github.com/etcd-io/etcd/releases