← volver
CVE-2021-36779

Host operations allowed in privileged Longhorn managed pods

CVSS 9.6 CRITICALEPSS 0.7%CWE-306
A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
SUSE · Longhorn

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugzilla.suse.com/show_bug.cgi?id=1191818https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx