Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nbXBoLXdmN2otOWdjbc4AAyiB
Etcd-io Improper Authentication vulnerability
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
This has been fixed in v.3.5.8 and was also backported to 3.4 and 3.5.
Permalink: https://github.com/advisories/GHSA-gmph-wf7j-9gcmJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nbXBoLXdmN2otOWdjbc4AAyiB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-gmph-wf7j-9gcm, CVE-2021-28235
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-28235
- https://github.com/etcd-io/etcd
- https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj.png
- https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.png
- http://etcd.com
- https://github.com/etcd-io/etcd/pull/15648
- https://github.com/advisories/GHSA-gmph-wf7j-9gcm
Blast Radius: 31.0
Affected Packages
go:go.etcd.io/etcd/v3
Dependent packages: 466Dependent repositories: 1,448
Downloads:
Affected Version Ranges: = 3.4.10
No known fixed version
All affected versions: 3.4.10