CVE-2016-9590
published 2018-04-26CVE-2016-9590: puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage…
medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet-module-swift | < puppet-module-swift 9.4.4-1 (bookworm) | puppet-module-swift 9.4.4-1 (bookworm) |
| openstack | puppet-swift | >= 8.0.0 < 8.2.1 | 8.2.1 |
| openstack | puppet-swift | >= 9.0.0 < 9.4.4 | 9.4.4 |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv6.5MEDIUM