PT-2021-21350 · Suse · Suse Longhorn
Dagan Henderson
+1
·
Published
2021-12-17
·
Updated
2023-02-10
·
CVE-2021-36779
CVSS v3.1
9.6
Critical
| Vector | AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SUSE Longhorn versions prior to 1.1.3
SUSE Longhorn versions prior to 1.2.3
Description
A Missing Authentication for Critical Function issue in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication.
Recommendations
For SUSE Longhorn versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue.
For SUSE Longhorn versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Suse Longhorn