CVE-2021-36779

Summary

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.

Affected Software

VendorProductVersion RangeStatus
SUSELonghornlonghorn < 1.1.3affected
SUSELonghornlonghorn < 1.2.3affected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

References