CVE-2021-36779
9.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | Longhorn | longhorn < 1.1.3 | affected |
| SUSE | Longhorn | longhorn < 1.2.3 | affected |
Weaknesses
- CWE-306: CWE-306: Missing Authentication for Critical Function
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.suse.com/show_bug.cgi?id=1191818
- https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx
References
- https://bugzilla.suse.com/show_bug.cgi?id=1191818
- https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.