CVE-2021-36779

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:linuxfoundation:longhorn:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:longhorn:*:*:*:*:*:*:*:*

History

10 Nov 2022, 15:15

Type Values Removed Values Added
Summary A Improper Access Control vulnerability inf SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.

27 Oct 2022, 16:37

Type Values Removed Values Added
CWE CWE-284 CWE-306

30 Dec 2021, 15:50

Type Values Removed Values Added
References (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1191818 - (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1191818 - Issue Tracking, Vendor Advisory
References (CONFIRM) https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx - (CONFIRM) https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 8.3
v3 : 9.6
CPE cpe:2.3:a:linuxfoundation:longhorn:*:*:*:*:*:*:*:*
First Time Linuxfoundation
Linuxfoundation longhorn

17 Dec 2021, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-17 09:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-36779

Mitre link : CVE-2021-36779

CVE.ORG link : CVE-2021-36779


JSON object : View

Products Affected

linuxfoundation

  • longhorn
CWE
CWE-306

Missing Authentication for Critical Function