← voltar
CVE-2021-36779

Host operations allowed in privileged Longhorn managed pods

CVSS 9.6 CRITICALEPSS 0.7%CWE-306
A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
SUSE · Longhorn

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.suse.com/show_bug.cgi?id=1191818https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx