Critical severity9.8NVD Advisory· Published Apr 4, 2023· Updated Jul 5, 2026
CVE-2021-28235
CVE-2021-28235
Description
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- osv-coords9 versionspkg:bitnami/etcdpkg:golang/go.etcd.io/etcd/v3pkg:rpm/opensuse/etcd&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/etcd&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/etcd&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/etcd-for-k8s1.25&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/etcd-for-k8s1.26&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/etcd-for-k8s1.27&distro=openSUSE%20Tumbleweedpkg:rpm/suse/etcd&distro=SUSE%20Package%20Hub%2015%20SP6
>= 3.4.10, < 3.4.11+ 8 more
- (no CPE)range: >= 3.4.10, < 3.4.11
- (no CPE)
- (no CPE)range: < 3.5.12-150000.7.6.1
- (no CPE)range: < 3.5.12-150000.7.6.1
- (no CPE)range: < 3.5.8-1.1
- (no CPE)range: < 3.5.9-1.1
- (no CPE)range: < 3.5.9-1.1
- (no CPE)range: < 3.5.9-1.1
- (no CPE)range: < 3.5.12-bp156.4.3.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-gmph-wf7j-9gcmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-28235ghsaADVISORY
- etcd.comnvdBroken LinkWEB
- github.com/etcd-io/etcd/pull/15648nvdWEB
- github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj.pngnvdProductWEB
- github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.pngnvdProductWEB
News mentions
0No linked articles in our index yet.