It has been discovered that etcd does not correctly restrict access to resources based on hostname. A remote attacker could perform a DNS-rebinding attack and trick the browser into sending requests to an etcd server on an internal network, bypassing the Same-Origin Policy.
etcd 3.3.1 and earlier does not correctly restrict access to resources based on
the hostname, thus allowing a DNS rebinding attack. An attacker can control his
DNS records and trick the browser into sending requests to an etcd server on an
internal network and bypassing the same-origin policy.
Created etcd tracking bugs for this issue:
Affects: fedora-all [bug 1552720]
Configure and enable authentication on the etcd server or secure your client connection via HTTPS.