Vulnerability CVE-2021-28235: Information

Description

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-28235
Published: April 4, 2023
Modified: April 11, 2023
Error type identifier: CWE-287

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
etcdsisyphus3.5.8-alt13.5.12-alt1ALT-PU-2023-1619-1318517Fixed
etcdsisyphus_riscv643.5.8-alt13.5.12-alt1ALT-PU-2023-3204-1-Fixed
etcdp103.5.8-alt13.5.12-alt1ALT-PU-2023-1624-1317882Fixed
etcdc10f13.5.8-alt13.5.12-alt1ALT-PU-2023-1624-1317882Fixed
etcdc9f23.5.9-alt13.5.9-alt1ALT-PU-2023-1931-1322161Fixed
etcdp113.5.8-alt13.5.12-alt1ALT-PU-2023-1619-1318517Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj.png
  • Product
https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.png
  • Product
http://etcd.com
  • Broken Link
https://github.com/etcd-io/etcd
  • Product
https://github.com/etcd-io/etcd/pull/15648

      1. Configuration 1

        cpe:2.3:a:etcd:etcd:3.4.10:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top