CVE-2016-9590
6.5
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| unspecified | puppet-swift | puppet-swift 8.2.1 | affected |
| unspecified | puppet-swift | puppet-swift 9.4.4 | affected |
Weaknesses
- CWE-200: CWE-200
ADP Enrichment
CVE Program Container
Additional References
- http://rhn.redhat.com/errata/RHSA-2017-0359.html
- http://www.securityfocus.com/bid/95448
- http://rhn.redhat.com/errata/RHSA-2017-0361.html
- http://rhn.redhat.com/errata/RHSA-2017-0200.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590
References
- http://rhn.redhat.com/errata/RHSA-2017-0359.html
- http://www.securityfocus.com/bid/95448
- http://rhn.redhat.com/errata/RHSA-2017-0361.html
- http://rhn.redhat.com/errata/RHSA-2017-0200.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.