{"id":"CVE-2018-16886","details":"etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.","aliases":["GHSA-h6xx-pmxh-3wgp","GO-2021-0077"],"modified":"2026-04-10T04:06:53.001588Z","published":"2019-01-14T19:29:00.243Z","related":["CGA-7rj7-px9h-mv37","SUSE-SU-2024:3656-1","openSUSE-SU-2024:10741-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106540"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0237"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1352"},{"type":"ADVISORY","url":"https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication"},{"type":"ADVISORY","url":"https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/etcd-io/etcd","events":[{"introduced":"e475a4ea710491899fd4427552eda6ee45775320"},{"fixed":"06cec40911744c0aca5d1afd69b2631b0a4879ba"},{"introduced":"c23606781f63d09917a1e7abfcefeb337a9608ea"},{"fixed":"2cf9e51d2a78003b164c2998886158e60ded1cbb"}],"database_specific":{"versions":[{"introduced":"3.2.0"},{"fixed":"3.2.26"},{"introduced":"3.3.0"},{"fixed":"3.3.11"}]}}],"versions":["v3.3.0","v3.3.1","v3.3.10","v3.3.2","v3.3.3","v3.3.4","v3.3.5","v3.3.6","v3.3.7","v3.3.8","v3.3.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16886.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}