puppet-tripleo prior to 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack puppet-tripleo 5.5.0 |
||
openstack puppet-tripleo 6.2.0 |
||
redhat openstack 10 |