David B Harris

**Name of the Vulnerable Software and Affected Versions** knowledgetree version 2.0.7 **Description** The issue allows local users to obtain sensitive information, including the username and password for the KnowledgeTree database, due to the Debian package of knowledgetree creating the environment.php file with world-readable permissions. **Recommendations** For knowledgetree version 2.0.7, consider changing the permissions of the environment.php file to prevent world-readable access, and restrict access to sensitive database credentials.