CVE-2021-36779

critical

Description

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.

References

https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx

https://bugzilla.suse.com/show_bug.cgi?id=1191818

Details

Source: Mitre, NVD

Published: 2021-12-17

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.6

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00053