CVSS 3 Base Score:

Posted On:

Assessed Risk Level:
Medium

Previous versions of the README for the puppetlabs-firewall module contained examples of configurations using the `port` parameter instead of referencing `dport` and `sport`. Following these examples explicitly could result in firewall rules that are unintentionally permissive.

It is recommended to always use the specific `dport` and `sport` parameters. With the puppetlabs-firewall 1.7.1 release, the `port` parameter is now deprecated and will be removed in the next major release. If any manifests using puppetlabs-firewall's `firewall` resource are configured to use the `port` parameter, users should update those manifests to use the specific `dport` or `sport` parameters instead.

Thanks to Narayan Newton of Tag1 Consulting for responsibly disclosing this issue to us.

Status:

Affected software versions:
  • puppetlabs-firewall 1.7.0 and earlier

Resolved in:
  • puppetlabs-firewall 1.7.1
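
One way to locate manifests that still set the deprecated `port` parameter on `firewall` resources, as an added example that is not part of the advisory or of the puppetlabs-firewall project. It is a heuristic text scan rather than a Puppet parser; the function name, the sample manifest and its `myapp::listener` resource are constructed for illustration.

```python
import re
import sys

# Opening of a `firewall { ... }` resource declaration.
RESOURCE = re.compile(r"\bfirewall\s*\{")
# Bare `port =>` attribute; \b keeps `dport` and `sport` from matching.
PORT_ATTR = re.compile(r"\bport\s*=>")
TITLE = re.compile(r"\s*(['\"])(.*?)\1\s*:")

def find_port_usage(manifest):
    """Return [(line_number, resource_title)] for firewall resources that set `port`."""
    text = re.sub(r"#[^\n]*", "", manifest)  # drop comments, keep line numbering
    findings = []
    for res in RESOURCE.finditer(text):
        # Walk forward to the brace that closes this resource body.
        depth, end = 1, res.end()
        while end < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[end], 0)
            end += 1
        body = text[res.end():end]
        title = TITLE.match(body)
        for hit in PORT_ATTR.finditer(body):
            line = text.count("\n", 0, res.end() + hit.start()) + 1
            findings.append((line, title.group(2) if title else "?"))
    return findings

# Constructed sample manifest; `myapp::listener` is a hypothetical non-firewall type.
SAMPLE = """\
firewall { '100 allow ssh':
  proto  => 'tcp',
  port   => 22,          # deprecated: replace with dport
  action => 'accept',
}
firewall { '110 allow web':
  proto  => 'tcp',
  dport  => [80, 443],
  action => 'accept',
}
# port => 25 inside a comment is ignored
myapp::listener { 'api': port => 8080 }
"""

if __name__ == "__main__":
    # With no arguments, scan the sample; otherwise scan each manifest path given.
    sources = {p: open(p).read() for p in sys.argv[1:]} or {"<sample>": SAMPLE}
    for name, text in sources.items():
        for line, title in find_port_usage(text):
            print(f"{name}:{line}: firewall '{title}' uses deprecated `port`")
```

Each finding still needs a manual decision on whether the rule was meant to match the destination port (`dport`) or the source port (`sport`).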