CVE-2018-16886
First published: Mon Nov 19 2018(Updated: )
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| go/go.etcd.io/etcd | <0.5.0-alpha.5.0.20190108173120-83c051b701d3 | 0.5.0-alpha.5.0.20190108173120-83c051b701d3 |
| go/go.etcd.io/etcd/v3 | >=3.3.0<3.3.11 | 3.3.11 |
| go/go.etcd.io/etcd/v3 | >=3.2.0<3.2.26 | 3.2.26 |
| redhat/etcd | <3.2.26 | 3.2.26 |
| redhat/etcd | <3.3.11 | 3.3.11 |
| etcd | >=3.2.0<3.2.26 | |
| etcd | >=3.3.0<3.3.11 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| Fedora | =30 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2018-16886
- https://github.com/etcd-io/etcd/pull/10366
- https://github.com/etcd-io/etcd/commit/0191509637546621d6f2e18e074e955ab8ef374d
- https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2
- https://access.redhat.com/errata/RHSA-2019:0237
- https://access.redhat.com/errata/RHSA-2019:1352
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886
- https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication
- https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/
- http://www.securityfocus.com/bid/106540
- https://pkg.go.dev/vuln/GO-2021-0077
- https://github.com/advisories/GHSA-h6xx-pmxh-3wgp (Advisory)
- https://github.com/etcd-io/etcd/commit/a9a9466fb8ba11ad7bb6a44d7446fbd072d59887
- https://github.com/etcd-io/etcd/commit/99704e2a97e8710da942bdc737417fc9c9a2c03f
- https://github.com/etcd-io/etcd/commit/83c051b701d33261eef91a719e4421c81b000ba4
- https://docs.google.com/document/d/1ph7LOfUsdKo2qdgMvFahVSd7T6661c8yRr_mR2m3Gms/edit?usp=sharing
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1651034#c21
- https://localhost:2379/v3beta/kv/put
- https://github.com/etcd-io/etcd/releases
- https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md
- https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/authentication.md
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1665782
- https://bugzilla.redhat.com/show_bug.cgi?id=1651034
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/
Frequently Asked Questions
What is CVE-2018-16886?
CVE-2018-16886 is a vulnerability in etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 that allows improper authentication when role-based access control (RBAC) is used and client-cert-auth is enabled.
How severe is CVE-2018-16886?
CVE-2018-16886 has a severity score of 8.1 (High).
Which software versions are affected by CVE-2018-16886?
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are affected by CVE-2018-16886.
How can I fix CVE-2018-16886?
To fix CVE-2018-16886, update your etcd installation to version 3.2.26 or 3.3.11 depending on your current version.
Where can I find more information about CVE-2018-16886?
You can find more information about CVE-2018-16886 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-16886), [GitHub Pull Request](https://github.com/etcd-io/etcd/pull/10366), [GitHub Commit](https://github.com/etcd-io/etcd/commit/0191509637546621d6f2e18e074e955ab8ef374d).
- collector/github-advisory-latest
- alias/GHSA-h6xx-pmxh-3wgp
- alias/CVE-2018-16886
- collector/github-advisory
- agent/type
- agent/weakness
- agent/first-publish-date
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/author
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/go
- package-manager/redhat
- vendor/etcd
- canonical/etcd
- version/etcd/3.2.0
- version/etcd/3.3.0
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/7.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/30