CVE-2021-28235: Improper Authentication

April 4, 2023 (updated April 11, 2023)

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.

References

etcd.com/
github.com/advisories/GHSA-gmph-wf7j-9gcm
github.com/etcd-io/etcd
github.com/etcd-io/etcd/pull/15648
github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj.png
github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.png
nvd.nist.gov/vuln/detail/CVE-2021-28235

Detect and mitigate CVE-2021-28235 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →