PT-2023-8995 · Etcd-Io+7 · Etcd-Io+7

Benjamin Wang

Published

2023-04-04

Updated

2025-02-21

CVE-2021-28235

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Etcd-io version 3.4.10

Description The issue is related to an authentication vulnerability that can be exploited by sending an authentication request to the etcdserver with a username and password, potentially allowing a remote attacker to escalate privileges. This vulnerability can be exploited via the debug function.

Recommendations For Etcd-io version 3.4.10, update to version 3.5.8 or apply the backported fix to version 3.4 to resolve the issue. As a temporary workaround, consider disabling the debug function until a patch is available.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

ALT-PU-2023-1619

ALT-PU-2023-1624

ALT-PU-2023-1931

AZL-26139

BDU:2024-02894

BIT-ETCD-2021-28235

CVE-2021-28235

GHSA-GMPH-WF7J-9GCM

OESA-2025-1168

OESA-2025-1169

OESA-2025-1170

OPENSUSE-SU-2024:12896-1

OPENSUSE-SU-2024:13369-1

OPENSUSE-SU-2024:13370-1

OPENSUSE-SU-2024:13371-1

OPENSUSE-SU-2024_3656-1

OPENSUSE-SU-2025:0003-1

RHSA-2023:3441

RHSA-2023:3445

RHSA-2023:3447

SUSE-SU-2024:3656-1

USN-6189-1

Affected Products

Alt Linux

Astra Linux

Debian

Etcd-Io

Linuxmint

Red Os

Suse

Ubuntu

PT-2023-8995 · Etcd-Io+7 · Etcd-Io+7

CVE-2021-28235

Weakness Enumeration

Related Identifiers

Affected Products

References · 74