CVE-2018-16886
Publication date 14 January 2019
Last updated 26 August 2025
Ubuntu priority
Description
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| etcd | 25.10 questing |
Not affected
|
| 25.04 plucky |
Not affected
|
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Vulnerable
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release |
Notes
msalvatore
Introduced by https://github.com/etcd-io/etcd/commit/0191509637546621d6f2e18e074e955ab8ef374d
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.8 · Medium
|
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
References
Other references
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886
- https://github.com/etcd-io/etcd/pull/10366
- https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2
- https://github.com/etcd-io/etcd/commit/a9a9466fb8ba11ad7bb6a44d7446fbd072d59887
- https://github.com/etcd-io/etcd/commit/99704e2a97e8710da942bdc737417fc9c9a2c03f
- https://github.com/etcd-io/etcd/commit/83c051b701d33261eef91a719e4421c81b000ba4
- https://github.com/etcd-io/etcd/pull/10386 (3.2 backport)
- https://www.cve.org/CVERecord?id=CVE-2018-16886