nvd-json-data-feeds/CVE-2021/CVE-2021-34xx/CVE-2021-3499.json

{
  "id": "CVE-2021-3499",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2021-06-02T16:15:10.320",
  "lastModified": "2023-02-12T23:41:11.097",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. It could lead to potentially lose of confidentiality, integrity or availability of a service."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado una vulnerabilidad en OVN Kubernetes en las versiones hasta 0.3.0 incluy\u00e9ndola, en la que Egress Firewall no aplica de forma fiable las reglas del firewall cuando se presentan m\u00faltiples reglas DNS. Esto podr\u00eda conllevar una posible p\u00e9rdida de la confidencialidad, integridad o disponibilidad de un servicio"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "secalert@redhat.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ovn:ovn-kubernetes:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "0.3.0",
              "matchCriteriaId": "0CD8D000-5096-4239-B38F-A753F4B5189D"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949188",
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ]
    }
  ]
}