CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-36780

A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3v.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.5%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 4.8

References

https://bugzilla.suse.com/show_bug.cgi?id=1191819
https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx
https://bugzilla.suse.com/show_bug.cgi?id=1191819
https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx

Products affected by CVE-2021-36780

Linuxfoundation » Longhorn » Version: Any

cpe:2.3:a:linuxfoundation:longhorn:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36780

Products

Pricing

Contact Us