Improper Authentication in etcd Affected by Role-Based Access Control
CVE-2018-16886
6.8MEDIUM
What is CVE-2018-16886?
The vulnerability in etcd arises from an improper authentication mechanism when role-based access control (RBAC) is implemented alongside client-cert-auth. If an etcd client server's TLS certificate has a Common Name (CN) that corresponds to a valid RBAC username, an attacker could exploit this weakness. By using any valid, trusted client certificate in a REST API request to the gRPC-gateway, the attacker might authenticate as the legitimate user associated with that CN, potentially compromising sensitive data and system integrity.
Affected Version(s)
etcd: versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11
References
CVSS V3.1
Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
CVSS V3.0
Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
