Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[3.5] Backport disable following redirects when checking peer urls #17024

Merged
merged 1 commit into from
Nov 28, 2023

Conversation

jmhbnz
Copy link
Member

@jmhbnz jmhbnz commented Nov 27, 2023

It's possible that etcd server may run into SSRF situation when adding a new member. If users provide a malicious peer URL, the existing etcd members may be redirected to other unexpected internal URL when getting the new member's version.

Backports:

It's possible that etcd server may run into SSRF situation when adding a new member. If users provide a malicious peer URL, the existing etcd members may be redirected to other unexpected internal URL when getting the new member's version.

Signed-off-by: James Blair <mail@jamesblair.net>
@sharathsivakumar
Copy link
Contributor

@serathius and @jmhbnz Can this merged? With this, we will be ready to move ahead with the release of 3.5.11

@serathius
Copy link
Member

Let me merge it. Issue was proposed by Benjamin with intention of being backported.

@serathius serathius merged commit ce4ae2b into etcd-io:release-3.5 Nov 28, 2023
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

3 participants