From 946a4227082dabf745c9013680e2c8679fe01fe1 Mon Sep 17 00:00:00 2001
From: Pedro Sampaio
Date: Mon, 14 Jan 2019 13:16:24 -0300
Subject: [PATCH] version info tweaked
---
 2018/16xxx/CVE-2018-16886.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/2018/16xxx/CVE-2018-16886.json b/2018/16xxx/CVE-2018-16886.json
index 9b94e38184a..bb9cc6a8dea 100644
--- a/2018/16xxx/CVE-2018-16886.json
+++ b/2018/16xxx/CVE-2018-16886.json
@@ -18,7 +18,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "before 3.2.36 and before 3.3.11"
+ "version_value": "versions 3.2.x before 3.2.36 and 3.3.x before 3.3.11"
 }
 ]
 }
@@ -60,7 +60,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "etcd versions before 3.2.26 and before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway."
+ "value": "etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway."
 }
 ]
 },
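Review bot: The 3.2 branch boundary differs between the two fields this commit rewrites: the new `version_value` in the first hunk says `3.2.x before 3.2.36`, while the new description `value` in the second hunk says `3.2.x before 3.2.26`. Both numbers are carried over unchanged from the removed lines, so the commit keeps the mismatch rather than introducing it, but one of the two is presumably a typo. Scanners and patch-tracking tools that key on `version_value` will draw the affected range differently from anyone reading the description, so either patched hosts get flagged or unpatched ones get missed. Confirm the fixed release against the upstream etcd advisory and use the same number in both fields; if the description is the correct one, the first hunk's line becomes `"version_value": "versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11"`.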