4 matches found
EUVD-2016-10403
Malware in sbrugna...
Access Control Bypass
puppet-tripleo is is vulnerable to access control bypass. It happens because it does not prevent the creation of TCP/UDP rules with empty port values, allowing the attacker to use these open ports to gain access to unauthorized resources...
puppet-tripleo unauthorized access vulnerability
puppet-tripleo is an open source tool for installing, upgrading and operating on OpenStack. A security vulnerability exists in puppet-tripleo versions prior to 5.5.0 and prior to 6.2.0. The vulnerability can be exploited by an attacker to create TCP/UDP rules with the help of empty port values to...
CVE-2016-9599
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources...