CVE-2023-3153 – Service monitor mac flow is not rate limited
https://notcve.org/view.php?id=CVE-2023-3153
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. Se encontró una falla en Open Virtual Network donde el monitor de servicio MAC no califica correctamente el límite. Este problema podría permitir que un atacante provoque una denegación de servicio, incluso en implementaciones con CoPP habilitado y configurado correctamente. • https://access.redhat.com/security/cve/CVE-2023-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2213279 https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd https://github.com/ovn-org/ovn/issues/198 https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-0567 – ovn-kubernetes: Ingress network policy can be overruled by egress network policy on another pod
https://notcve.org/view.php?id=CVE-2022-0567
A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable. Se ha encontrado un fallo en ovn-kubernetes. Este fallo permite a un administrador del sistema o a un atacante con privilegios crear una política de red de salida que omita las políticas de entrada existentes de otros pods en un clúster, permitiendo que el tráfico de red acceda a pods que no deberían ser accesibles. • https://bugzilla.redhat.com/show_bug.cgi?id=2053326 https://access.redhat.com/security/cve/CVE-2022-0567 • CWE-20: Improper Input Validation CWE-179: Incorrect Behavior Order: Early Validation •
CVE-2021-3499
https://notcve.org/view.php?id=CVE-2021-3499
A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. It could lead to potentially lose of confidentiality, integrity or availability of a service. Se ha encontrado una vulnerabilidad en OVN Kubernetes en las versiones hasta 0.3.0 incluyéndola, en la que Egress Firewall no aplica de forma fiable las reglas del firewall cuando se presentan múltiples reglas DNS. Esto podría conllevar una posible pérdida de la confidencialidad, integridad o disponibilidad de un servicio • https://bugzilla.redhat.com/show_bug.cgi?id=1949188 • CWE-863: Incorrect Authorization •