CVE-2021-36779

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-36779

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36779.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-36779

Related

GHSA-g358-m2wp-mhhx

Published

2021-12-17T09:15:06.923Z

Modified

2026-02-13T02:24:46.342702Z

Severity

9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.

References

Affected packages

Git / github.com/longhorn/longhorn

Affected ranges

Type: GIT
Repo: https://github.com/longhorn/longhorn
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5bfa702bf50913282236272abd468fc5121c3b9d

Introduced

84d2f4891204cd5fae32735482c9f65eaa49e3ad

Fixed

bc2987225f079fdc44b8b5df05c22151a9e72096

Affected versions

v1.*

v1.1.2

v1.1.2-rc1

v1.2.0

v1.2.1

v1.2.1-rc1

v1.2.1-rc2

v1.2.2

v1.2.3-rc1

v1.2.3-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36779.json"