Platform
kubernetes
Component
longhorn
Fixed in
1.1.3
1.2.3
CVE-2021-36779 is a critical Missing Authentication for Critical Function (CWE-306) vulnerability in SUSE Longhorn. The flaw lets any workload in the Kubernetes cluster execute, on the host, any binary present in the image, without any authentication, which effectively grants control of the node. Affected are the 1.1.x releases before 1.1.3 and the 1.2.x releases before 1.2.3; the fix shipped in 1.1.3 and 1.2.3.
The impact is severe. An attacker who has compromised any workload in the cluster can, without credentials, have any binary present in the image executed on the Longhorn host. No authentication or authorization check stands in the way, so a compromised pod escalates straight to host-level code execution: data on the node can be read, malware installed, and the node used to pivot to other systems. Because every node that runs Longhorn is exposed in the same way, a single compromised workload can put the whole cluster at risk. The effect resembles a container escape, in which a process inside a container gains the host's filesystem and privileges, except that no kernel or runtime bug is needed here; the missing authentication does the work.
CVE-2021-36779 was publicly disclosed on December 17, 2021. No active exploitation campaign has been confirmed, but the severity and the low bar to exploitation (any pod in the cluster, no credentials) make it a high-priority fix. The vulnerability is not listed in the CISA KEV catalog. Public proof-of-concept exploits are available, which shows that the attack is practical.
Organizations that rely on SUSE Longhorn for persistent storage in Kubernetes are at significant risk, above all in production clusters on unpatched versions and in environments with weak workload isolation. Multi-tenant clusters are exposed in particular: a compromised container belonging to one tenant can reach the host and, from there, the other tenants' workloads on that node.
• kubernetes / server: list the Longhorn pods (Longhorn installs into its own namespace, so search all namespaces):
  kubectl get pods -A -o wide | grep longhorn
• kubernetes / server: Longhorn does not run as a systemd unit, and because the flaw is the absence of authentication there is no "authentication bypassed" message to grep for; read the manager pod logs instead and look for process launches you did not initiate:
  kubectl -n longhorn-system logs -l app=longhorn-manager --tail=500
• kubernetes / server: check which Linux capabilities a suspect pod's containers hold:
  kubectl get pod <pod_name> -o jsonpath='{range .spec.containers[*]}{.name}{": "}{.securityContext.capabilities}{"\n"}{end}'
• kubernetes / server: list the nodes that a compromised workload may have reached:
  kubectl get nodes -o wide
disclosure
patch
Exploit Status
EPSS
0.05% (17th percentile)
CVSS-vector
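The affected ranges above are easy to misread (1.1.3 is fixed, 1.2.0 is not), so here is an added example, not code from the advisory or from the Longhorn project, that classifies a version string against exactly those ranges and reads the running version out of a cluster. It assumes the default install namespace longhorn-system and the DaemonSet name longhorn-manager; neither is stated on the page.

```shell
#!/bin/sh
# Added example (not Longhorn's own tooling): classify a Longhorn version
# against the ranges in the advisory and read it from a running cluster.
# Affected: everything below 1.1.3, and 1.2.0 .. 1.2.2.
# Fixed:    1.1.3 and later on the 1.1 line, 1.2.3 and later.
# Assumptions not taken from the page: namespace longhorn-system and
# DaemonSet name longhorn-manager (the defaults of the Longhorn install).

# tag_from_image IMAGE -> tag, e.g. longhornio/longhorn-manager:v1.2.2 -> v1.2.2
tag_from_image() {
  ref=${1%%@*}                 # drop a trailing @sha256:... digest, if any
  last=${ref##*/}              # final path component, e.g. longhorn-manager:v1.2.2
  case "$last" in
    *:*) printf '%s\n' "${last##*:}" ;;
    *)   printf 'latest\n' ;;  # untagged reference
  esac
}

# longhorn_is_vulnerable VERSION -> 0 if in an affected range, 1 if not,
# 2 if the argument is not a dotted version string.
longhorn_is_vulnerable() {
  v=${1#v}                     # image tags carry a leading "v"
  case "$v" in
    [0-9]*.[0-9]*) ;;
    *) printf 'not a version string: %s\n' "$1" >&2; return 2 ;;
  esac
  major=${v%%.*}
  rest=${v#*.}
  minor=${rest%%.*}
  minor=${minor%%[!0-9]*}      # "2-rc1" -> "2"
  case "$rest" in
    *.*) rest=${rest#*.}; patch=${rest%%[!0-9]*} ;;
    *)   patch=0 ;;            # "1.2" means 1.2.0
  esac
  [ -n "$patch" ] || patch=0
  key=$((major * 1000000 + minor * 1000 + patch))
  if [ "$key" -lt 1001003 ]; then return 0; fi                      # < 1.1.3
  if [ "$key" -ge 1002000 ] && [ "$key" -lt 1002003 ]; then return 0; fi  # 1.2.0 .. 1.2.2
  return 1
}

# Read the longhorn-manager image that is actually running (needs kubectl
# access to the cluster); the manager tag is the Longhorn release version.
check_cluster() {
  img=$(kubectl -n longhorn-system get daemonset longhorn-manager \
          -o jsonpath='{.spec.template.spec.containers[0].image}')
  tag=$(tag_from_image "$img")
  if longhorn_is_vulnerable "$tag"; then rc=0; else rc=$?; fi
  case "$rc" in
    0) printf 'longhorn-manager %s: affected by CVE-2021-36779, upgrade to 1.1.3 / 1.2.3 or later\n' "$tag"; return 1 ;;
    1) printf 'longhorn-manager %s: outside the affected ranges\n' "$tag" ;;
    *) printf 'longhorn-manager %s: could not classify, inspect manually\n' "$tag"; return 2 ;;
  esac
}

# The cluster is only touched when asked, so the functions above can be
# sourced and exercised offline:  sh check-longhorn.sh --cluster
if [ "${1:-}" = "--cluster" ]; then
  check_cluster
fi
```

The version key is a plain integer (major, minor and patch packed into one number) so the two affected ranges become two comparisons; pre-release suffixes are stripped rather than ordered, which is good enough for triage since Longhorn releases are tagged with plain vX.Y.Z.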
The primary mitigation for CVE-2021-36779 is to upgrade SUSE Longhorn without delay: to 1.1.3 or later on the 1.1 line, or to 1.2.3 or later. If that cannot happen immediately, reduce exposure in the meantime: apply NetworkPolicies so that ordinary workloads cannot reach the Longhorn components, remove privileged settings and unneeded capabilities from container images, and monitor the hosts for unexpected processes and file modifications. A Web Application Firewall or proxy does not help here, because the exposure is pod-to-Longhorn traffic inside the cluster rather than external HTTP. After upgrading, confirm the fix by checking that the image tag of the running longhorn-manager is 1.1.3 or later on the 1.1 line, or 1.2.3 or later; attempting commands from a container tells you nothing reliable about the patch state.
Upgrade Longhorn to version 1.1.3 or later on the 1.1 line, or to version 1.2.3 or later. This corrects the missing authentication that allows binaries to be executed on the host without authorization, and removes the risk that unauthorized workloads run arbitrary code on the host.
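The interim measure above, "restrict workload access with network policies", as an added example that is not part of the advisory or of the Longhorn project: a NetworkPolicy that keeps pods outside longhorn-system from reaching Longhorn components, emitted by a shell function so it can be reviewed and dry-run before it is applied. Assumptions not taken from the page: Longhorn is installed in longhorn-system, the cluster sets the kubernetes.io/metadata.name namespace label (Kubernetes 1.21 and later do), the Longhorn UI is reached through an ingress controller in a namespace called ingress-nginx, and the UI listens on TCP 8000.

```shell
#!/bin/sh
# Added example, not Longhorn's own manifest: deny ingress to every pod in
# longhorn-system except from other Longhorn pods and from the ingress
# controller that fronts the UI.
# Assumptions (not from the page): namespace longhorn-system, the
# kubernetes.io/metadata.name label on namespaces, an ingress controller in
# the namespace given as $1 (default ingress-nginx), UI on TCP 8000.

# longhorn_netpol_manifest [INGRESS_NS] -> manifest on stdout
longhorn_netpol_manifest() {
  ingress_ns=${1:-ingress-nginx}
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-longhorn-ingress
  namespace: longhorn-system
spec:
  podSelector: {}            # applies to every pod in longhorn-system
  policyTypes:
  - Ingress
  ingress:
  # Longhorn components (manager, instance-manager, CSI, UI) keep talking
  # to each other on any port.
  - from:
    - podSelector: {}
  # Only the ingress controller's namespace may reach the UI port; pods in
  # application namespaces get no path to Longhorn at all.
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: ${ingress_ns}
    ports:
    - protocol: TCP
      port: 8000
EOF
}

# Server-side dry run first, then apply (needs kubectl and cluster access).
apply_longhorn_netpol() {
  longhorn_netpol_manifest "$1" | kubectl apply --dry-run=server -f - \
    && longhorn_netpol_manifest "$1" | kubectl apply -f -
}

# Nothing touches the cluster unless the script is run with --apply, so the
# manifest function can be exercised offline:  sh longhorn-netpol.sh --apply traefik
if [ "${1:-}" = "--apply" ]; then
  apply_longhorn_netpol "${2:-ingress-nginx}"
fi
```

Two caveats before relying on this. It is a stopgap, not a fix: a workload that lands in longhorn-system itself, or a CNI that does not enforce NetworkPolicy, is not covered. And traffic that originates on the node itself (the host's iSCSI sessions to Longhorn engine pods, kubelet probes) is treated differently by different CNIs; test the policy in a staging cluster and, if volume attachment breaks, add an ipBlock rule for your node CIDR rather than loosening the namespace rule.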
CVE-2021-36779 is a critical vulnerability in SUSE Longhorn that allows any workload in the cluster to execute binaries on the host without authentication, which can lead to complete compromise of the node and, from there, the cluster.
You are affected if you run SUSE Longhorn 1.1.x before 1.1.3 or 1.2.x before 1.2.3 (or any release older than 1.1.3). Versions 1.1.3 and 1.2.3 contain the fix.
Upgrade SUSE Longhorn to 1.1.3 or later on the 1.1 line, or to 1.2.3 or later, to resolve the vulnerability. If an immediate upgrade is not possible, restrict which workloads can reach the Longhorn components as a temporary measure.
While no confirmed active exploitation campaigns have been publicly reported, the critical severity and availability of proof-of-concept exploits suggest a high likelihood of exploitation.
Refer to the SUSE Security Advisory for detailed information and mitigation guidance: https://www.suse.com/security/cve/CVE-2021-36779/