{"id":"UBUNTU-CVE-2018-16886","details":"etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.","modified":"2025-09-08T16:45:01Z","published":"2019-01-14T19:29:00Z","upstream":["CVE-2018-16886"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-16886"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886"},{"type":"REPORT","url":"https://github.com/etcd-io/etcd/pull/10366"},{"type":"REPORT","url":"https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2"},{"type":"REPORT","url":"https://github.com/etcd-io/etcd/commit/a9a9466fb8ba11ad7bb6a44d7446fbd072d59887"},{"type":"REPORT","url":"https://github.com/etcd-io/etcd/commit/99704e2a97e8710da942bdc737417fc9c9a2c03f"},{"type":"REPORT","url":"https://github.com/etcd-io/etcd/commit/83c051b701d33261eef91a719e4421c81b000ba4"},{"type":"REPORT","url":"https://github.com/etcd-io/etcd/pull/10386"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-16886"}],"affected":[{"package":{"name":"etcd","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/etcd@3.2.17+dfsg-1ubuntu0.1+esm2?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.1.0-1","3.2.9+dfsg-2","3.2.9+dfsg-3","3.2.17+dfsg-1","3.2.17+dfsg-1ubuntu0.1~esm1","3.2.17+dfsg-1ubuntu0.1","3.2.17+dfsg-1ubuntu0.1+esm1","3.2.17+dfsg-1ubuntu0.1+esm2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.2.17+dfsg-1ubuntu0.1+esm2","binary_name":"etcd"},{"binary_version":"3.2.17+dfsg-1ubuntu0.1+esm2","binary_name":"etcd-client"},{"binary_version":"3.2.17+dfsg-1ubuntu0.1+esm2","binary_name":"etcd-server"},{"binary_version":"3.2.17+dfsg-1ubuntu0.1+esm2","binary_name":"golang-etcd-server-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-16886.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}