Longhorn has a vulnerability (CVE-2021-36780) in all versions of the 1.2.x branch prior to v1.2.3 and in all versions prior to v1.1.3 that allows unauthenticated attackers to access data in a Longhorn replica. An attacker with access to a cluster’s internal network can:
- read data in any Longhorn volume
- write data to any Longhorn volume
This vulnerability was discovered while investigating the vulnerability disclosed in CVE-2021-36779.