CVE-2021-28235
Summary
| CVE | CVE-2021-28235 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-04 15:15:00 UTC |
| Updated | 2023-04-11 01:15:00 UTC |
| Description | Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. |

Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| etcd-3.4.10-test/temp4cj_2.png at master · lucyxss/etcd-3.4.10-test · GitHub | MISC | github.com | |
| Programmable Search Engine | MISC | etcd.com | |
| GitHub - etcd-io/etcd: Distributed reliable key-value store for the most critical data of a distributed system | MISC | github.com | |
| etcd-3.4.10-test/temp4cj.png at master · lucyxss/etcd-3.4.10-test · GitHub | MISC | github.com | |
| security: clear password after authenticating the user by ahrtr · Pull Request #15648 · etcd-io/etcd · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 199583 Ubuntu Security Notification for etcd Vulnerability (USN-6189-1)
- 241580 Red Hat Update for OpenStack Platform 16.1 (RHSA-2023:3447)
- 241581 Red Hat Update for OpenStack Platform 17.0 (RHSA-2023:3441)
- 241582 Red Hat Update for OpenStack Platform 16.2 (RHSA-2023:3445)
- 906805 Common Base Linux Mariner (CBL-Mariner) Security Update for etcd (26139-1)