CVE-2021-36779
CRITICAL
Longhorn < 1.1.3 - Unauthenticated Arbitrary Binary Execution
Title source: llm
Description
A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.
References (2)
Core References
Issue Tracking, Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1191818
Scores
CVSS v3
9.6
EPSS
0.0005
EPSS Percentile
16.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
linuxfoundation/longhorn
< 1.1.3
Published
Dec 17, 2021
Tracked Since
Feb 18, 2026