Ianon

**Name of the Vulnerable Software and Affected Versions** Pithos version 0.3.7 **Description** The issue concerns a problem with permissions for the .config/pithos.ini file. This file contains sensitive information, including Pandora credentials. Local users can exploit this by reading the file to obtain these credentials. **Recommendations** For Pithos version 0.3.7, consider restricting access to the .config/pithos.ini file to prevent unauthorized reading of Pandora credentials. As a temporary workaround, restrict permissions on this file to minimize the risk of exploitation.