In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state.
The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firewall | Puppet | * | 3.4.0 (excluding) |
Red Hat OpenStack Platform 16.1 | RedHat | puppet-firewall-0:3.4.0-1.94f707cgit.el8ost | * |
Red Hat OpenStack Platform 16.2 | RedHat | puppet-firewall-0:3.4.0-1.94f707cgit.el8ost | * |
Puppet-module-puppetlabs-firewall | Ubuntu | bionic | * |
Puppet-module-puppetlabs-firewall | Ubuntu | impish | * |
Puppet-module-puppetlabs-firewall | Ubuntu | kinetic | * |
Puppet-module-puppetlabs-firewall | Ubuntu | lunar | * |
Puppet-module-puppetlabs-firewall | Ubuntu | mantic | * |
Puppet-module-puppetlabs-firewall | Ubuntu | trusty | * |
Puppet-module-puppetlabs-firewall | Ubuntu | xenial | * |
Attackers can sometimes bypass input validation schemes by finding inputs that appear to be safe, but will be dangerous when processed at a lower layer or by a downstream component. For example, a simple XSS protection mechanism might try to validate that an input has no “” tags using case-sensitive matching, but since HTML is case-insensitive when processed by web browsers, an attacker could inject “” and trigger XSS.