CVE-2016-9590

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-9590
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9590.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-9590
Downstream
Published
2018-04-26T17:29:00.230Z
Modified
2026-04-01T23:55:58.103376Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.

References

Affected packages

Git / github.com/openstack/puppet-swift

Affected ranges

Type
GIT
Repo
https://github.com/openstack/puppet-swift
Events
Introduced
7f8469a6c8a0dd600c81a5a4697b3e0dc873744d
Fixed
7ed0b70294a07e514fbd12a74a424de0c5bad0f5
Introduced
fbc530a9d3912ccaaa00df463237d1339e88be52
Fixed
f75979a613b1cc745e95498f10c69c4a421f271e
Database specific 
{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.2.1"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.4.4"
        }
    ]
}

Affected versions

10.*
10.0.0
10.1.0
10.2.0
10.2.1
10.3.0
10.3.1
10.4.0
11.*
11.0.0
11.1.0
11.2.0
11.3.0
11.3.1
11.4.0
11.6.0
12.*
12.0.0
12.0.1
12.1.0
12.2.0
12.3.0
12.4.0
13.*
13.0.0
13.1.0
13.3.0
13.3.1
14.*
14.1.0
14.2.0
14.3.0
14.4.0
15.*
15.0.0
15.1.0
15.2.0
15.4.0
15.5.0
16.*
16.0.0
16.1.0
16.2.0
16.2.1
16.3.0
16.4.0
17.*
17.1.0
17.2.0
17.3.0
17.4.0
17.4.1
17.5.0
18.*
18.0.0
18.1.0
18.2.0
18.3.0
18.4.0
18.5.0
18.6.0
19.*
19.0.0
19.1.0
19.2.0
19.3.0
19.4.0
19.5.0
20.*
20.0.0
20.1.0
20.2.0
20.3.0
20.4.0
20.4.1
2023.*
2023.1-eom
2023.2-eol
21.*
21.0.0
21.0.1
22.*
22.0.0
22.0.1
23.*
23.0.0
23.0.1
24.*
24.0.0
25.*
25.0.0
26.*
26.0.0
27.*
27.0.0
8.*
8.0.0
8.1.0
8.2.0
9.*
9.0.0
9.1.0
9.2.0
9.3.0
9.4.0
9.4.1
9.4.2
9.4.3
Other
ocata-em
ocata-eol
pike-em
pike-eol
queens-em
queens-eol
rocky-em
rocky-eol
stein-em
stein-eol
train-em
train-eol
ussuri-em
ussuri-eol
victoria-em
victoria-eol
wallaby-em
wallaby-eol
wallaby-eom
xena-em
xena-eol
xena-eom
yoga-eol
yoga-eom
zed-eom

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9590.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10"
            }
        ]
    }
]