{"id":"AZL-6393","summary":"CVE-2020-15136 affecting package etcd for versions less than 3.5.0-3","details":"In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.","modified":"2026-04-01T05:20:13.946579Z","published":"2020-08-06T23:15:11Z","upstream":["CVE-2020-15136"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15136"}],"affected":[{"package":{"name":"etcd","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/etcd"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.0-3"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6393.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"}]}