CVE-2018-16886

Priority
Description
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to
an improper authentication issue when role-based access control (RBAC) is
used and client-cert-auth is enabled. If an etcd client server TLS
certificate contains a Common Name (CN) which matches a valid RBAC
username, a remote attacker may authenticate as that user with any valid
(trusted) client certificate in a REST API request to the gRPC-gateway.
Package
Source: etcd (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish):needs-triage
Ubuntu 19.04 (Disco Dingo):needs-triage
More Information

Updated: 2019-03-19 11:29:05 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)