reports/GO-2021-0077.yaml - vulndb - Git at Google

 module: go.etcd.io/etcd
 package: go.etcd.io/etcd/auth
 versions:
   - fixed: v0.5.0-alpha.5.0.20190108173120-83c051b701d3
 description: |
   A user can use a valid client certificate that contains a CommonName that matches a
   valid RBAC username to authenticate themselves as that user, despite lacking the
   required credentials. This may allow authentication bypass, but requires a certificate
   that is issued by a CA trusted by the server.
 cves:
   - CVE-2018-16886
 symbols:
   - authStore.AuthInfoFromTLS
 links:
   pr: https://github.com/etcd-io/etcd/pull/10366
   commit: https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2
	module: go.etcd.io/etcd
	package: go.etcd.io/etcd/auth
	versions:
	- fixed: v0.5.0-alpha.5.0.20190108173120-83c051b701d3
	description: \|
	A user can use a valid client certificate that contains a CommonName that matches a
	valid RBAC username to authenticate themselves as that user, despite lacking the
	required credentials. This may allow authentication bypass, but requires a certificate
	that is issued by a CA trusted by the server.
	cves:
	- CVE-2018-16886
	symbols:
	- authStore.AuthInfoFromTLS
	links:
	pr: https://github.com/etcd-io/etcd/pull/10366
	commit: https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2