CVE-2016-9599 – puppet-tripleo: if ssl is enabled, traffic is open on both undercloud and overcloud

https://notcve.org/view.php?id=CVE-2016-9599

06 Jan 2017 — puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. puppet-tripleo, en versiones anteriores a la 5.5.0 y la 6.2.0, es vulnerable a un error de control de acceso en la gestión de reglas IPtables, que permite la creación de reglas TCP/UDP con valores de puerto vacíos. Si SSL... • http://rhn.redhat.com/errata/RHSA-2017-0025.html • CWE-284: Improper Access Control •