CVE-2018-16886HIGHCVSS 8.1vversions 3.2.x before 3.2.26 and 3.3.x before 3.3.112019-01-14
CVE-2018-16886 [HIGH] CWE-287 CVE-2018-16886: etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authenticati
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any va
cvelistv5nvd