Lucene search

GitHub Advisory DatabaseGHSA-GMPH-WF7J-9GCM

HistoryApr 04, 2023 - 3:30 p.m.

Etcd-io Improper Authentication vulnerability

2023-04-0415:30:27

CWE-287

GitHub Advisory Database

github.com

etcd-io

authentication vulnerability

remote attackers

privilege escalation

debug function

3.4.10

3.5.8

security patch

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

71.5%

JSON

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.

This has been fixed in v.3.5.8 and was also backported to 3.4 and 3.5.

Affected configurations

Vulners

Node

go.etcd.ioetcdMatch3.4.10

CPENameOperatorVersion
go.etcd.io/etcd/v3eq3.4.10

CPE	Name	Operator	Version
	go.etcd.io/etcd/v3	eq	3.4.10

References

etcd.com

github.com/advisories/GHSA-gmph-wf7j-9gcm

github.com/etcd-io/etcd

github.com/etcd-io/etcd/pull/15648

github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj.png

github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.png

nvd.nist.gov/vuln/detail/CVE-2021-28235

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

71.5%

JSON

Related for GHSA-GMPH-WF7J-9GCM