Oval Definition:	oval:org.opensuse.security:def:201816886
Revision Date: 2022-06-30 Version: 1 Title: CVE-2018-16886 Description: etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2018-16886 SUSE CVE-2018-16886 SUSE-SU-2019:0330-1 Platform(s): openSUSE Tumbleweed Product(s): Definition Synopsis openSUSE Tumbleweed is installed AND Package Information etcd-3.4.16-3.1 is installed OR etcdctl-3.4.16-3.1 is installed
BACK