CVE-2021-3499
MEDIUMovn-kubernetes <= 0.3.0 - Incorrect Authorization in Egress Firewall DNS Rules
Title source: llmDescription
A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. It could lead to potentially lose of confidentiality, integrity or availability of a service.
References (1)
Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1949188
Scores
CVSS v3
5.6
EPSS
0.0080
EPSS Percentile
51.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-863
Status
published
Products (2)
ovn/ovn-kubernetes
< 0.3.0
ovn-org/ovn-kubernetes
0Go
Published
Jun 02, 2021
Tracked Since
Feb 18, 2026