An authentication vulnerability in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
This has been fixed in v.3.5.8, and the fix was also backported to 3.4 and 3.5.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-28235
- https://github.com/etcd-io/etcd
- https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj.png
- https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.png
- http://etcd.com
- https://github.com/etcd-io/etcd/pull/15648
- https://github.com/advisories/GHSA-gmph-wf7j-9gcm