Security Advisories for Longhorn CVE-2021-36779 & CVE-2021-36780
David Ko | December 17, 2021
There are two vulnerabilities found in released versions (< 1.1.3, < 1.2.3) as below. They have been fixed in the latest releases (1.1.3, 1.2.3). For more details, see each issue and security advisories.
The privileged pods are managed by Longhorn running on every node for volume replica management in a Kubernetes cluster. Each pod container runs as root and exposes a gRPC service on TCP port 8500. The service is accessible by any workload in the cluster without authentication. A malicious workload can take advantage of this service to execute any binary present in the image on the host.
The Longhorn instance manager pods are responsible for volume replica management and access. The vulnerability issue is found that it is possible to connect to a longhorn-engine replica instance running in the instance-manager replica pod. The longhorn-engine replica can handle multiple TCP connections. Each connection is able to read and write data on the replica. It may allow other pods in the cluster to read and write data to and from a replica that the malicious pod doesn’t have access to.
There are no workarounds/mitigations. Please upgrade the Longhorn cluster to 1.1.3 or 1.2.3 to resolve the issue.
Thanks to Dagan Henderson and Will Kline for reporting this vulnerability issue.
Recent postsLonghorn 1.4.1 released
© 2019-2023 Longhorn Authors | Documentation Distributed under CC-BY-4.0
© 2023 The Linux Foundation. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page.