CVE-2021-36779 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-36779 Interim 1 5 2023-01-20T00:57:14Z current 2021-12-18T02:00:20Z 2023-01-20T00:57:14Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-36779 A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://github.com/longhorn/longhorn/security/advisories//GHSA-g358-m2wp-mhhx E-Mail link for GHSA-g358-m2wp-mhhx https://www.suse.com/support/security/rating/ SUSE Security Ratings A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. CVE-2021-36779 critical 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H