| packages: |
| - module: go.etcd.io/etcd |
| package: go.etcd.io/etcd/auth |
| symbols: |
| - authStore.AuthInfoFromTLS |
| versions: |
| - fixed: 0.5.0-alpha.5.0.20190108173120-83c051b701d3 |
| description: | |
| A user can use a valid client certificate that contains a CommonName that matches a |
| valid RBAC username to authenticate themselves as that user, despite lacking the |
| required credentials. This may allow authentication bypass, but requires a certificate |
| that is issued by a CA trusted by the server. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2018-16886 |
| ghsas: |
| - GHSA-h6xx-pmxh-3wgp |
| links: |
| pr: https://github.com/etcd-io/etcd/pull/10366 |
| commit: https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2 |