PT-2018-5103 · Red Hat+1 · Red Hat Openstack Platform+1

Hans Feldt

Publicado

2018-04-26

Atualizado

2021-08-04

CVE-2016-9590

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions puppet-swift versions prior to 8.2.1 puppet-swift versions prior to 9.4.4

Description The issue concerns an information-disclosure problem in Red Hat OpenStack Platform director's installation of Object Storage (swift). It occurs because the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.

Recommendations For versions prior to 8.2.1, update to version 8.2.1 or later. For versions prior to 9.4.4, update to version 9.4.4 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2016-9590

RHSA-2017:0200

RHSA-2017:0359

RHSA-2017:0361

Produtos afetados

Red Hat Openstack Platform

Puppet-Swift

PT-2018-5103 · Red Hat+1 · Red Hat Openstack Platform+1

CVE-2016-9590

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12