admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

version info tweaked

Browse Source
This commit is contained in:
Pedro Sampaio 2019-01-14 13:16:24 -03:00 committed by GitHub
parent 609331ae3e
commit 946a422708
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2018/16xxx/CVE-2018-16886.json
View File

@ -18,7 +18,7 @@
"version": {
"version_data": [
{
"version_value": "before 3.2.36 and before 3.3.11"
"version_value": "versions 3.2.x before 3.2.36 and 3.3.x before 3.3.11"
}
]
}
@ -60,7 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "etcd versions before 3.2.26 and before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway."
"value": "etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway."
}
]
},