PT-2021-21352 · Suse · Longhorn
Dagan Henderson
+1
·
Published
2021-12-17
·
Updated
2023-02-10
·
CVE-2021-36780
CVSS v3.1
8.1
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
SUSE Longhorn longhorn versions prior to 1.1.3
longhorn versions prior to 1.2.3v
Description
A Missing Authentication for Critical Function issue in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance, granting them the ability to read and write data to and from a replica that they should not have access to.
Recommendations
For SUSE Longhorn longhorn versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue.
For longhorn versions prior to 1.2.3v, update to version 1.2.3v or later to resolve the issue.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Longhorn