{"id":"CVE-2021-36780","details":"A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance, granting them the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.","modified":"2026-04-10T04:36:05.742728Z","published":"2021-12-17T09:15:07.047Z","related":["GHSA-g358-m2wp-mhhx"],"references":[{"type":"ADVISORY","url":"https://github.com/longhorn/longhorn/security/advisories/GHSA-g358-m2wp-mhhx"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1191819"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/longhorn/longhorn","events":[{"introduced":"0"},{"fixed":"5bfa702bf50913282236272abd468fc5121c3b9d"},{"introduced":"84d2f4891204cd5fae32735482c9f65eaa49e3ad"},{"fixed":"bc2987225f079fdc44b8b5df05c22151a9e72096"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.1.3"},{"introduced":"1.2.0"},{"fixed":"1.2.3"}]}}],"versions":["v0.2.0","v0.3.0","v0.3.1","v0.3.1-rc1","v0.3.2","v0.3.3","v0.6.0","v0.6.1","v0.6.2","v1.1.2","v1.1.2-rc1","v1.1.3-rc1","v1.1.3-rc2","v1.1.3-rc3","v1.2.1","v1.2.1-rc1","v1.2.1-rc2","v1.2.2","v1.2.3-rc1","v1.2.3-rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36780.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}