Web application abuses : etcd Authentication Vulnerability

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.141874

Categoría: Web application abuses

Título: etcd Authentication Vulnerability

Resumen: etcd is vulnerable to an improper authentication issue when role-based access;control (RBAC) is used and client-cert-auth is enabled.

Descripción: Summary:
etcd is vulnerable to an improper authentication issue when role-based access
control (RBAC) is used and client-cert-auth is enabled.

Vulnerability Insight:
If an etcd client server TLS certificate contains a Common Name (CN) which
matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client
certificate in a REST API request to the gRPC-gateway.

Affected Software/OS:
etcd version 3.2.x and 3.3.x.

Solution:
Update to version 3.2.26, 3.3.11 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-16886

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.141874
Categoría:	Web application abuses
Título:	etcd Authentication Vulnerability
Resumen:	etcd is vulnerable to an improper authentication issue when role-based access;control (RBAC) is used and client-cert-auth is enabled.
Descripción:	Summary: etcd is vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. Vulnerability Insight: If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. Affected Software/OS: etcd version 3.2.x and 3.3.x. Solution: Update to version 3.2.26, 3.3.11 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-16886
Copyright	Copyright (C) 2019 Greenbone Networks GmbH