11 matches found
EUVD-2016-10403
Malware in sbrugna...
RHSA-2017:0025 Red Hat Security Advisory: puppet-tripleo security update
Bulletin has no description...
puppet-tripleo unauthorized access vulnerability
puppet-tripleo is an open source tool for installing, upgrading and operating on OpenStack. A security vulnerability exists in puppet-tripleo versions prior to 5.5.0 and prior to 6.2.0. The vulnerability can be exploited by an attacker to create TCP/UDP rules with the help of empty port values to...
CVE-2016-9599
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources...
Design/Logic Flaw
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources...
CVE-2016-9599
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources...
CVE-2016-9599
puppet-tripleo vulnerable to an access-control flaw in IPtables rules management prior to versions 5.5.0 and 6.2.0. The issue allows creation of TCP/UDP rules with empty port values, which can be exploited to access unauthorized resources when SSL is enabled. Affected component: puppet-tripleo IP...
CVE-2016-9599
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources...
Important: Red Hat Security Advisory: puppet-tripleo security update
An update for puppet-tripleo is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
puppet-tripleo: if ssl is enabled, traffic is open on both undercloud and overcloud
An access-control flaw was discovered in puppet-tripleo's IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. Some API services in Red Hat OpenStack Platform director are not exposed to public networks, which meant their $publicsslport value was set to...
CVE-2016-9599
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources...