Platform: kubernetes
Component: longhorn
Fixed in: 1.1.3, 1.2.3
CVE-2021-36779 describes a critical Missing Authentication for Critical Function vulnerability in SUSE Longhorn. The flaw allows any workload in the Kubernetes cluster to execute arbitrary binaries on the host system, effectively granting complete control of the node. It affects Longhorn versions prior to 1.1.3 and 1.2.x versions prior to 1.2.3; fixes are available in 1.1.3 and 1.2.3.
The impact of CVE-2021-36779 is severe. An attacker who controls a compromised workload can execute any binary present in the container image directly on the Longhorn host. This bypasses all authentication and authorization mechanisms, enabling privilege escalation and complete system takeover. Attackers could steal sensitive data, install malware, or pivot to other systems within the network. The blast radius extends to the whole Kubernetes cluster, since a single compromised workload can potentially compromise the entire infrastructure. The vulnerability resembles container escape vulnerabilities, where a process inside a container gains access to the host's filesystem and privileges.
CVE-2021-36779 was publicly disclosed on December 17, 2021. While no active exploitation campaigns have been definitively confirmed, the critical severity and ease of exploitation make it a high-priority target. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are available, demonstrating the feasibility of the attack.
Exploit Status
EPSS: 0.05% (17th percentile)
CVSS Vector
The primary mitigation for CVE-2021-36779 is to upgrade SUSE Longhorn to version 1.2.3 or later immediately. If upgrading is not immediately feasible, consider temporary workarounds. Restrict workload access to the Longhorn host with network policies and by limiting the capabilities granted to container images. Implement robust monitoring of host activity, specifically looking for unexpected processes or file modifications. A Web Application Firewall (WAF) or proxy can filter traffic and block malicious requests, although this is less effective against exploits originating inside the cluster. After upgrading, confirm the fix by attempting to execute a non-privileged command from a container and verifying that it is denied.
Update Longhorn to version 1.1.3 or higher, or to version 1.2.3 or higher. This corrects the lack of authentication that allows the execution of binaries on the host without authorization. The update mitigates the risk of unauthorized workloads executing arbitrary code on the host.
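As an added example (not part of the advisory or of the Longhorn project), the following POSIX shell script classifies a Longhorn version against the two fix thresholds given above, 1.1.3 for the 1.1 line and 1.2.3 for the 1.2 line, so an operator can check whether a cluster is still exposed. The `deployed_longhorn_version` helper assumes the default `longhorn-system` namespace and the `longhorn-manager` DaemonSet image tag; both are assumptions about a typical install, not values from this page.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether a Longhorn version falls
# in the affected ranges for CVE-2021-36779. Fixes are 1.1.3 (1.1 line) and
# 1.2.3 (1.2 line); everything before 1.1.3 and every 1.2.x before 1.2.3 is
# treated as affected, 1.3 and later as fixed.

# longhorn_affected VERSION  -> prints "affected" or "fixed"
# Accepts "1.2.2", "v1.2.2" or "1.2.2-rc1" (leading v and pre-release suffix dropped).
longhorn_affected() {
  ver=${1#v}
  ver=${ver%%-*}
  major=${ver%%.*}
  rest=${ver#*.}
  case $rest in
    *.*) minor=${rest%%.*}; patch=${rest#*.}; patch=${patch%%.*} ;;
    *)   minor=$rest; patch=0 ;;          # "1.2" with no patch number
  esac
  if [ "$major" -gt 1 ]; then echo fixed; return 0; fi
  if [ "$major" -lt 1 ]; then echo affected; return 0; fi
  case $minor in
    0)   echo affected ;;                 # 1.0.x predates the 1.1.3 fix
    1|2) if [ "$patch" -lt 3 ]; then echo affected; else echo fixed; fi ;;
    *)   echo fixed ;;                    # 1.3 and later ship with the fix
  esac
}

# deployed_longhorn_version -> prints the image tag of longhorn-manager, e.g. "v1.2.2".
# Assumption: default namespace and DaemonSet name; needs kubectl access to the cluster.
deployed_longhorn_version() {
  kubectl -n longhorn-system get daemonset longhorn-manager \
    -o jsonpath='{.spec.template.spec.containers[0].image}' | sed 's/.*://'
}

# Demo on constructed version strings (no cluster needed). Against a live cluster:
#   longhorn_affected "$(deployed_longhorn_version)"
for v in 1.0.2 1.1.2 1.1.3 1.2.2 1.2.3 1.3.0; do
  printf '%s: %s\n' "$v" "$(longhorn_affected "$v")"
done
```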
CVE-2021-36779 is a critical vulnerability in SUSE Longhorn allowing workloads to execute binaries on the host without authentication, potentially leading to complete system compromise.
You are affected if you are running SUSE Longhorn versions prior to 1.1.3, or 1.2.x versions prior to 1.2.3.
Upgrade SUSE Longhorn to version 1.2.3 or later to resolve the vulnerability. Consider temporary workarounds like restricting workload access if immediate upgrade is not possible.
While no confirmed active exploitation campaigns have been publicly reported, the critical severity and availability of proof-of-concept exploits suggest a high likelihood of exploitation.
Refer to the SUSE Security Advisory for detailed information and mitigation guidance: https://www.suse.com/security/cve/CVE-2021-36779/