{
  "threat_severity" : "Low",
  "public_date" : "2016-11-01T00:00:00Z",
  "bugzilla" : {
    "description" : "redis: weak permissions on sensitive files",
    "id" : "1390588",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1390588"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.0",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-732",
  "details" : [ "A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.", "A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information." ],
  "acknowledgement" : "This issue was discovered by Honza Horak (Red Hat) and Remi Collet (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenStack Platform 10.0 (Newton)",
    "release_date" : "2017-11-15T00:00:00Z",
    "advisory" : "RHSA-2017:3226",
    "cpe" : "cpe:/a:redhat:openstack:10::el7",
    "package" : "redis-0:3.0.6-2.el7ost"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)",
    "fix_state" : "Will not fix",
    "package_name" : "redis",
    "cpe" : "cpe:/a:redhat:openstack:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)",
    "fix_state" : "Will not fix",
    "package_name" : "redis",
    "cpe" : "cpe:/a:redhat:openstack:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools",
    "fix_state" : "Will not fix",
    "package_name" : "redis",
    "cpe" : "cpe:/a:redhat:openstack-optools:7"
  }, {
    "product_name" : "Red Hat OpenStack Platform 8 (Liberty)",
    "fix_state" : "Will not fix",
    "package_name" : "redis",
    "cpe" : "cpe:/a:redhat:openstack:8"
  }, {
    "product_name" : "Red Hat OpenStack Platform 8 (Liberty) Operational Tools",
    "fix_state" : "Will not fix",
    "package_name" : "redis",
    "cpe" : "cpe:/a:redhat:openstack-optools:8"
  }, {
    "product_name" : "Red Hat OpenStack Platform 9 (Mitaka)",
    "fix_state" : "Will not fix",
    "package_name" : "redis",
    "cpe" : "cpe:/a:redhat:openstack:9"
  }, {
    "product_name" : "Red Hat OpenStack Platform 9 (Mitaka) Operational Tools",
    "fix_state" : "Will not fix",
    "package_name" : "redis",
    "cpe" : "cpe:/a:redhat:openstack-optools:9"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-redis32-redis",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-2121\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2121" ],
  "name" : "CVE-2016-2121",
  "csaw" : false
}