PT-2018-5103 · Red Hat+1 · Red Hat Openstack Platform+1

Hans Feldt

Published

2018-04-26

Updated

2021-08-04

CVE-2016-9590

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions puppet-swift versions prior to 8.2.1 puppet-swift versions prior to 9.4.4

Description The issue concerns an information-disclosure problem in Red Hat OpenStack Platform director's installation of Object Storage (swift). It occurs because the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.

Recommendations For versions prior to 8.2.1, update to version 8.2.1 or later. For versions prior to 9.4.4, update to version 9.4.4 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-9590

RHSA-2017:0200

RHSA-2017:0359

RHSA-2017:0361

Affected Products

Red Hat Openstack Platform

Puppet-Swift

PT-2018-5103 · Red Hat+1 · Red Hat Openstack Platform+1

CVE-2016-9590

Weakness Enumeration

Related Identifiers

Affected Products

References · 12