CVE-2014-0135

Name of the Vulnerable Software and Affected Versions Kafo versions 0.3.x through 0.3.16 Kafo versions 0.4.x through 0.4.x before 0.5.2

Description The issue allows local users to obtain passwords and other sensitive information by reading the default values.yaml file due to world-readable permissions.

Recommendations For Kafo versions 0.3.x through 0.3.16, update to version 0.3.17 or later. For Kafo versions 0.4.x through 0.4.x before 0.5.2, update to version 0.5.2 or later. As a temporary workaround, consider changing the permissions of the default values.yaml file to restrict access until a patch is available.