Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
puppet-tripleo 安全漏洞
Vulnerability Description
puppet-tripleo是一款用于安装、升级并对OpenStack进行操作的开源工具。 puppet-tripleo 5.5.0之前版本和6.2.0之前版本中存在安全漏洞。攻击者可借助空端口值利用该漏洞创建TCP/UDP规则,获取未授权资源的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A