CVE-2021-36779

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:linuxfoundation:longhorn:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:longhorn:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:14

Type Values Removed Values Added
References () https://bugzilla.suse.com/show_bug.cgi?id=1191818 - Issue Tracking, Vendor Advisory () https://bugzilla.suse.com/show_bug.cgi?id=1191818 - Issue Tracking, Vendor Advisory
References () https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx - Vendor Advisory () https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx - Vendor Advisory

10 Nov 2022, 15:15

Type Values Removed Values Added
Summary A Improper Access Control vulnerability inf SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.

27 Oct 2022, 16:37

Type Values Removed Values Added
CWE CWE-284 CWE-306

30 Dec 2021, 15:50

Type Values Removed Values Added
References (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1191818 - (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1191818 - Issue Tracking, Vendor Advisory
References (CONFIRM) https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx - (CONFIRM) https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx - Vendor Advisory
CPE cpe:2.3:a:linuxfoundation:longhorn:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 8.3
v3 : 9.6

17 Dec 2021, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-17 09:15

Updated : 2024-11-21 06:14


NVD link : CVE-2021-36779

Mitre link : CVE-2021-36779

CVE.ORG link : CVE-2021-36779


JSON object : View

Products Affected

linuxfoundation

  • longhorn
CWE
CWE-306

Missing Authentication for Critical Function