CVE-2018-16886 — Improper Authentication in Etcd

CWE-287 — Improper Authentication CWE-285 — Improper Authorization10 documents7 sources

Severity

8.1HIGHNVD

EPSS

0.8%

top 26.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Etcd Go.etcd.io Etcd Go.etcd.io Etcd V3 +5 more

Timeline

PublishedJan 14

Latest updateApr 12

Description

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages8 packages

▶NVDetcd/etcd3.2.0 — 3.2.26+1

▶Gogo.etcd.io/etcd< 0.5.0-alpha.5.0.20190108173120-83c051b701d3

▶Gogo.etcd.io/etcd_v33.2.0 — 3.2.26+1

▶Debianetcd/etcd< 3.2.26+dfsg-1+3

▶CVEListV5the_etcd_project/etcdversions 3.2.x before 3.2.26 and 3.3.x before 3.3.11

Also affects: Fedora 30

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

go.etcd.io/etcd Authentication Bypass↗2022-04-12

▶

OSV

go.etcd.io/etcd Authentication Bypass↗2022-04-12

▶

OSV

Authentication bypass in go.etcd.io/etcd↗2021-04-14

▶

CVEList

CVE-2018-16886: etcd versions 3↗2019-01-14

▶

OSV

CVE-2018-16886: etcd versions 3↗2019-01-14

▶

📋Vendor Advisories

Red Hat

etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway↗2019-01-11

▶

Debian

CVE-2018-16886: etcd - etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an i...↗2018

▶

💬Community

Bugzilla

CVE-2018-16886 etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway [fedora-all]↗2019-01-14

▶

Bugzilla

CVE-2018-16886 etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway↗2018-11-19

▶