{
  "threat_severity" : "Moderate",
  "public_date" : "2017-01-12T00:00:00Z",
  "bugzilla" : {
    "description" : "puppet-swift: installs config file with world readable permissions",
    "id" : "1410293",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410293"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-200",
  "details" : [ "puppet-swift before versions 8.2.1 and 9.4.4 is vulnerable to an information-disclosure flaw in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions, so any local user on the system can read the file's contents.", "An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions." ],
  "acknowledgement" : "Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenStack Platform 10.0 (Newton)",
    "release_date" : "2017-01-26T00:00:00Z",
    "advisory" : "RHSA-2017:0200",
    "cpe" : "cpe:/a:redhat:openstack:10::el7",
    "package" : "puppet-swift-0:9.4.3-3.el7ost"
  }, {
    "product_name" : "Red Hat OpenStack Platform 8.0 (Liberty)",
    "release_date" : "2017-03-01T00:00:00Z",
    "advisory" : "RHSA-2017:0361",
    "cpe" : "cpe:/a:redhat:openstack:8::el7",
    "package" : "openstack-puppet-modules-1:7.1.5-2.el7ost"
  }, {
    "product_name" : "Red Hat OpenStack Platform 9.0 (Mitaka)",
    "release_date" : "2017-03-01T00:00:00Z",
    "advisory" : "RHSA-2017:0359",
    "cpe" : "cpe:/a:redhat:openstack:9::el7",
    "package" : "openstack-puppet-modules-1:8.1.10-2.el7ost"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)",
    "fix_state" : "Not affected",
    "package_name" : "openstack-puppet-modules",
    "cpe" : "cpe:/a:redhat:openstack:7"
  }, {
    "product_name" : "Red Hat OpenStack Platform 11 (Ocata)",
    "fix_state" : "Not affected",
    "package_name" : "puppet-swift",
    "cpe" : "cpe:/a:redhat:openstack:11"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-9590\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9590" ],
  "name" : "CVE-2016-9590",
  "csaw" : false
}