PT-2019-14340 · Wtf · Wtf

Senorprogrammer · Published 2019-08-28 · Updated 2020-08-24 · CVE-2019-15716

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: WTF versions prior to 0.19.0

Description: The issue concerns the permissions of the config.yml file, which might be misconfigured or based on unsafe OS defaults, potentially allowing local attackers to read sensitive information such as passwords or API keys.

Recommendations: For versions prior to 0.19.0, ensure the permissions of the config.yml file are properly set to prevent unauthorized access. As a temporary workaround, consider manually configuring the permissions of the config.yml file to restrict access until a fixed version is available.
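
One way to apply the manual workaround above, as an added example that is not part of the advisory or the WTF project's own code. It assumes the caller passes the path to config.yml as an argument and that owner-only mode 600 is the intended target; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory or the WTF project).
# The config.yml path is supplied by the caller; mode 600 is an assumed target.

# Print the octal permission bits of a file (GNU stat, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed (0) when group or other hold any read/write/execute bit.
is_exposed() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Report the current mode and restrict the file to its owner if it is exposed.
harden_config() {
    cfg=$1
    if [ ! -f "$cfg" ]; then
        echo "skip: $cfg is not a regular file" >&2
        return 2
    fi
    if is_exposed "$cfg"; then
        echo "exposed: $cfg is mode $(file_mode "$cfg"), restricting to 600"
        chmod 600 "$cfg"
    else
        echo "ok: $cfg is mode $(file_mode "$cfg")"
    fi
}

# Usage: sh check_wtf_config.sh /path/to/config.yml [...]
if [ "$#" -gt 0 ]; then
    for f in "$@"; do harden_config "$f"; done
fi
```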

Exploit

Fix

Incorrect Default Permissions

Weakness Enumeration

Related identifiers

CVE-2019-15716

Affected products

Wtf