Vulnerability Details CVE-2016-9590
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://rhn.redhat.com/errata/RHSA-2017-0200.html
- http://rhn.redhat.com/errata/RHSA-2017-0359.html
- http://rhn.redhat.com/errata/RHSA-2017-0361.html
- http://www.securityfocus.com/bid/95448
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590
- http://rhn.redhat.com/errata/RHSA-2017-0200.html
- http://rhn.redhat.com/errata/RHSA-2017-0359.html
- http://rhn.redhat.com/errata/RHSA-2017-0361.html
- http://www.securityfocus.com/bid/95448
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590
Products affected by CVE-2016-9590
-
cpe:2.3:a:openstack:puppet-swift:8.0.0
-
cpe:2.3:a:openstack:puppet-swift:8.1.0
-
cpe:2.3:a:openstack:puppet-swift:8.2.0
-
cpe:2.3:a:openstack:puppet-swift:9.0.0
-
cpe:2.3:a:openstack:puppet-swift:9.1.0
-
cpe:2.3:a:openstack:puppet-swift:9.2.0
-
cpe:2.3:a:openstack:puppet-swift:9.3.0
-
cpe:2.3:a:openstack:puppet-swift:9.4.0
-
cpe:2.3:a:openstack:puppet-swift:9.4.1
-
cpe:2.3:a:openstack:puppet-swift:9.4.2
-
cpe:2.3:a:openstack:puppet-swift:9.4.3
-
cpe:2.3:a:redhat:openstack:10
-
cpe:2.3:a:redhat:openstack:8
-
cpe:2.3:a:redhat:openstack:9