A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.
References
Link | Resource |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1191818 | Issue Tracking Vendor Advisory |
https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Nov 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. |
27 Oct 2022, 16:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
30 Dec 2021, 15:50
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1191818 - Issue Tracking, Vendor Advisory | |
References | (CONFIRM) https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 8.3
v3 : 9.6 |
CPE | cpe:2.3:a:linuxfoundation:longhorn:*:*:*:*:*:*:*:* | |
First Time |
Linuxfoundation
Linuxfoundation longhorn |
17 Dec 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-17 09:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-36779
Mitre link : CVE-2021-36779
CVE.ORG link : CVE-2021-36779
JSON object : View
Products Affected
linuxfoundation
- longhorn
CWE
CWE-306
Missing Authentication for Critical Function