[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CVE-2018-16886 -- etcd

ID: oval:org.secpod.oval:def:1901872Date: (C)2019-06-07   (M)2023-11-13
Class: VULNERABILITYFamily: unix




etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name which matches a valid RBAC username a remote attacker may authenticate as that user with any valid client certificate in a REST API request to the gRPC-gateway.

Platform:
Ubuntu 18.10
Ubuntu 18.04
Product:
etcd
Reference:
CVE-2018-16886
CVE    1
CVE-2018-16886
CPE    3
cpe:/o:ubuntu:ubuntu_linux:18.04
cpe:/o:ubuntu:ubuntu_linux:18.10
cpe:/a:etcd_project:etcd

© SecPod Technologies