← back
CVE-2021-36779

Host operations allowed in privileged Longhorn managed pods

CVSS 9.6 CRITICALEPSS 0.7%CWE-306
A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
SUSE · Longhorn

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.suse.com/show_bug.cgi?id=1191818https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx