CVE-2016-2121 — Incorrect Permission Assignment in Redhat Openstack

CWE-732 — Incorrect Permission Assignment CWE-2648 documents8 sources

Severity

5.5MEDIUMNVD

CNA4.0

EPSS

0.1%

top 81.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redis Redhat Openstack

Timeline

PublishedOct 31

Latest updateMay 13

Description

A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianredis/redis< 3:3.2.5-2+3

▶NVDredhat/openstack10

🔴Vulnerability Details

GHSA

GHSA-6837-f96c-5j64: A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive informati↗2022-05-13

▶

OSV

CVE-2016-2121: A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive informati↗2018-10-31

▶

CVEList

CVE-2016-2121: A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive informati↗2018-10-31

▶

💥Exploits & PoCs

Exploit-DB

Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting↗2017-03-01

▶

📋Vendor Advisories

Red Hat

redis: weak permissions on sensitive files↗2016-11-01

▶

Debian

CVE-2016-2121: redis - A permissions flaw was found in redis, which sets weak permissions on certain fi...↗2016

▶

💬Community

Bugzilla

CVE-2016-2121 redis: weak permissions on sensitive files↗2016-11-01

▶