{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T07:36:54.818","vulnerabilities":[{"cve":{"id":"CVE-2021-36779","sourceIdentifier":"meissner@suse.de","published":"2021-12-17T09:15:06.923","lastModified":"2024-11-21T06:14:04.923","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3."},{"lang":"es","value":"Una vulnerabilidad de falta de autenticación para funciones críticas en SUSE Longhorn permite que cualquier carga de trabajo en el clúster ejecute cualquier binario presente en la imagen del host sin autenticación. Este problema afecta a: Las versiones de SUSE Longhorn anteriores a la 1.1.3; las versiones de Longhorn anteriores a la 1.2.3"}],"metrics":{"cvssMetricV31":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:C/I:C/A:C","baseScore":8.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":6.5,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"meissner@suse.de","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:longhorn:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1.3","matchCriteriaId":"ACC59D6B-78C0-4A58-B819-2E333591E5D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:longhorn:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.0","versionEndExcluding":"1.2.3","matchCriteriaId":"677170E4-EBEF-4131-9B58-6A0308273181"}]}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1191818","source":"meissner@suse.de","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx","source":"meissner@suse.de","tags":["Vendor Advisory"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1191818","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}