Improper Authorization in OVN Kubernetes

#VU54393 Improper Authorization in OVN Kubernetes

Published: 2021-06-25

Vulnerability identifier: #VU54393

Vulnerability risk: Medium

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3499

CWE-ID: CWE-285

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OVN Kubernetes
Server applications / Other server solutions

Vendor: Open Virtual Network

Description

The vulnerability allows a remote attacker to gain access to restricted resources.

The vulnerability exists in OVN Kubernetes where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. A remote attacker can gain unauthorized access to the protected system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OVN Kubernetes: 0.1.0 - 0.3.0

External links
http://bugzilla.redhat.com/show_bug.cgi?id=1949188

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in OpenShift Container Platform

Security restrictions bypass in OVN Kubernetes