Tore Anderson

**Name of the Vulnerable Software and Affected Versions** Open Virtual Network (OVN) (affected versions not specified) **Description** A flaw was found in the Open Virtual Network (OVN) that allows specially crafted UDP packets to bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network. The OVN installation is vulnerable if a logical switch has DNS records set on it and if the same switch has any egress ACLs configured on it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OpenStack Neutron versions 23 through 23.2.0 OpenStack Neutron versions 24 through 24.0.1 OpenStack Neutron versions 25 through 25.0.0 Description: The issue affects OpenStack Neutron, where the neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. This results in the failure to apply the proper policy check for changing network tags. As a consequence, an unprivileged tenant can change (add and clear) tags on network objects that do not belong to the tenant without being subjected to the proper policy authorization check. Recommendations: For OpenStack Neutron versions 23 through 23.2.0, update to version 23.2.1 or later. For OpenStack Neutron versions 24 through 24.0.1, update to version 24.0.2 or later. For OpenStack Neutron versions 25 through 25.0.0, update to version 25.0.1 or later.