Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3djQtbTlqeC1taDhy
Improper Input Validation
A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. It could lead to potentially lose of confidentiality, integrity or availability of a service
Permalink: https://github.com/advisories/GHSA-57v4-m9jx-mh8rJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3djQtbTlqeC1taDhy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: about 1 year ago
CVSS Score: 5.6
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Identifiers: GHSA-57v4-m9jx-mh8r, CVE-2021-3499
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3499
- https://github.com/ovn-org/ovn-kubernetes/pull/2169
- https://bugzilla.redhat.com/show_bug.cgi?id=1949188
- https://access.redhat.com/errata/RHBA-2021:1550
- https://access.redhat.com/security/cve/CVE-2021-3499
- https://github.com/advisories/GHSA-57v4-m9jx-mh8r
Blast Radius: 1.0
Affected Packages
go:github.com/ovn-org/ovn-kubernetes
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: <= 0.3.0
No known fixed version
All affected versions: 0.1.0, 0.2.0, 0.3.0