reports/GO-2021-0077.yaml - vulndb - Git at Google

 packages:
   - module: go.etcd.io/etcd
     package: go.etcd.io/etcd/auth
     symbols:
       - authStore.AuthInfoFromTLS
     versions:
       - fixed: v0.5.0-alpha.5.0.20190108173120-83c051b701d3
 description: |
     A user can use a valid client certificate that contains a CommonName that matches a
     valid RBAC username to authenticate themselves as that user, despite lacking the
     required credentials. This may allow authentication bypass, but requires a certificate
     that is issued by a CA trusted by the server.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2018-16886
 ghsas:
   - GHSA-h6xx-pmxh-3wgp
 links:
     pr: https://github.com/etcd-io/etcd/pull/10366
     commit: https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2
	packages:
	- module: go.etcd.io/etcd
	package: go.etcd.io/etcd/auth
	symbols:
	- authStore.AuthInfoFromTLS
	versions:
	- fixed: v0.5.0-alpha.5.0.20190108173120-83c051b701d3
	description: \|
	A user can use a valid client certificate that contains a CommonName that matches a
	valid RBAC username to authenticate themselves as that user, despite lacking the
	required credentials. This may allow authentication bypass, but requires a certificate
	that is issued by a CA trusted by the server.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2018-16886
	ghsas:
	- GHSA-h6xx-pmxh-3wgp
	links:
	pr: https://github.com/etcd-io/etcd/pull/10366
	commit: https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2