A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3v.
References
Link | Resource |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1191819 | Issue Tracking Vendor Advisory |
https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Nov 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3v. |
27 Oct 2022, 16:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
30 Dec 2021, 15:12
Type | Values Removed | Values Added |
---|---|---|
First Time |
Linuxfoundation
Linuxfoundation longhorn |
|
CPE | cpe:2.3:a:linuxfoundation:longhorn:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.8
v3 : 8.1 |
References | (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1191819 - Issue Tracking, Vendor Advisory | |
References | (CONFIRM) https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx - Third Party Advisory |
17 Dec 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-17 09:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-36780
Mitre link : CVE-2021-36780
CVE.ORG link : CVE-2021-36780
JSON object : View
Products Affected
linuxfoundation
- longhorn
CWE
CWE-306
Missing Authentication for Critical Function