reports/GO-2021-0077.toml - vulndb - Git at Google

 module = "go.etcd.io/etcd"
 package = "go.etcd.io/etcd/auth"

 description = """
 A user can use a valid client certificate that contains a CommonName that matches a
 valid RBAC username to authenticate themselves as that user, despite lacking the
 required credentials. This may allow authentication bypass, but requires a certificate
 that is issued by a CA trusted by the server.
 """

 cve = "CVE-2018-16886"

 symbols = ["authStore.AuthInfoFromTLS"]

 published = "2021-04-14T12:00:00Z"

 [[versions]]
 fixed = "v0.5.0-alpha.5.0.20190108173120-83c051b701d3"

 [links]
 commit = "https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2"
 pr = "https://github.com/etcd-io/etcd/pull/10366"
	module = "go.etcd.io/etcd"
	package = "go.etcd.io/etcd/auth"

	description = """
	A user can use a valid client certificate that contains a CommonName that matches a
	valid RBAC username to authenticate themselves as that user, despite lacking the
	required credentials. This may allow authentication bypass, but requires a certificate
	that is issued by a CA trusted by the server.
	"""

	cve = "CVE-2018-16886"

	symbols = ["authStore.AuthInfoFromTLS"]

	published = "2021-04-14T12:00:00Z"

	[[versions]]
	fixed = "v0.5.0-alpha.5.0.20190108173120-83c051b701d3"

	[links]
	commit = "https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2"
	pr = "https://github.com/etcd-io/etcd/pull/10366"