CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openstack:puppet-swift:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:puppet-swift:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-04-26 17:29

Updated : 2024-02-28 16:25


NVD link : CVE-2016-9590

Mitre link : CVE-2016-9590

CVE.ORG link : CVE-2016-9590


JSON object : View

Products Affected

redhat

  • openstack

openstack

  • puppet-swift
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor