GMS-2022-5095: etcd vulnerable to TOCTOU of gateway endpoint authentication
The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation.
Detail
The gateway only authenticates endpoints detected from DNS SRV records, and it only authenticates the detected endpoints once.
References
Detect and mitigate GMS-2022-5095 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →