22 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-16886
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and...
SUSE CVE-2018-16886
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remot...
go.etcd.io/etcd Authentication Bypass
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remot...
GHSA-H6XX-PMXH-3WGP go.etcd.io/etcd Authentication Bypass
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remot...
Improper Authentication
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote...
grpc-gateway:fuzz: Crash with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5700081334091776 Project: grpc-gateway Fuzzing Engine: libFuzzer Fuzz Target: fuzz Job Type: libfuzzerasangrpc-gateway Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000027f62e71 Crash State: NULL Sanitizer: address ASAN Recommended...
CVE-2018-16886
Etcd, versions 3.2.0 through 3.2.25 and 3.3.0 through 3.3.10, are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server's TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a...
RHEL 7 : etcd (RHSA-2019:1352)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1352 advisory. The etcd packages provide a highly available key-value store for shared configuration. The following packages have been upgraded to a later upstream...
Moderate: Red Hat Security Advisory: etcd security, bug fix, and enhancement update
An update for etcd is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway
Etcd, versions 3.2.0 through 3.2.25 and 3.3.0 through 3.3.10, are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server's TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a...
(RHSA-2019:0237) Moderate: etcd security, bug fix, and enhancement update
The etcd packages provide a highly available key-value store for shared configuration. The following packages have been upgraded to a later upstream version: etcd 3.3.11. BZ1664290 Security Fixes: etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS via gRPC-gateway CVE-2018-16886 For...
Weak Authentication
github.com/etcd-io/etcd is vulnerable to privilege escalation. The vulnerability exists as it uses the Common Name (CN) in the etcd client server TLS certificate to authenticate a user with any valid certificate to the gRPC-gateway...
etcd 3.2.x, 3.3.x Authentication Vulnerability
etcd is vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled.
Authentication flaw
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remot...
UBUNTU-CVE-2018-16886
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remot...
CVE-2018-16886
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remot...
CVE-2018-16886
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remot...
CVE-2018-16886
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remot...
CVE-2018-16886
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remot...
CVE-2018-16886
CVE-2018-16886 affects etcd 3.2.x before 3.2.26 and 3.3.x before 3.3.11. The vulnerability is an improper authentication issue when RBAC is enabled and client-cert-auth is used; if an etcd TLS certificate CN matches a valid RBAC username, a remote attacker could authenticate as that user using an...