CVE-2021-28235
Summary
| CVE | CVE-2021-28235 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-04 15:15:08 UTC |
| Updated | 2026-06-17 03:46:05 UTC |
| Description | Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.016050000 probability, percentile 0.729290000 (date 2026-07-05)
Problem Types: CWE-287 | n/a
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security: clear password after authenticating the user by ahrtr · Pull Request #15648 · etcd-io/etcd · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | |
| etcd-3.4.10-test/temp4cj_2.png at master · lucyxss/etcd-3.4.10-test · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Product |
| etcd-3.4.10-test/temp4cj.png at master · lucyxss/etcd-3.4.10-test · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Product |
| Programmable Search Engine | af854a3a-2127-422b-91ae-364da2661108 | etcd.com | Broken Link |
| GitHub - etcd-io/etcd: Distributed reliable key-value store for the most critical data of a distributed system | af854a3a-2127-422b-91ae-364da2661108 | github.com | Product |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 199583 Ubuntu Security Notification for etcd Vulnerability (USN-6189-1)
- 241580 Red Hat Update for OpenStack Platform 16.1 (RHSA-2023:3447)
- 241581 Red Hat Update for OpenStack Platform 17.0 (RHSA-2023:3441)
- 241582 Red Hat Update for OpenStack Platform 16.2 (RHSA-2023:3445)
- 906805 Common Base Linux Mariner (CBL-Mariner) Security Update for etcd (26139-1)