PT-2013-6354 · Suse · Webyast+4

Published: 1970-01-01 · Updated: 2014-01-14 · CVE-2013-3709

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

WebYaST version 1.3
webyast-base-branding-default (affected versions not specified)
webyast-base (affected versions not specified)
webyast-base-testsuite (affected versions not specified)
Description

The config/initializers/secret_token.rb file in WebYaST 1.3 is stored with weak file permissions, so a local user can read the Rails secret token and use it to gain privileges, compromising the confidentiality, integrity, and availability of protected information. The vulnerability is exploitable only locally.
Recommendations

For WebYaST version 1.3, consider restricting access to config/initializers/secret_token.rb so that unprivileged local users cannot read the Rails secret token. For webyast-base-branding-default, webyast-base, and webyast-base-testsuite, no newer version containing a fix for this vulnerability is currently known.

Exploit

Weakness Enumeration

Related Identifiers

BDU:2015-05644
BDU:2015-05645
BDU:2015-05646
CVE-2013-3709
OPENSUSE-SU-2013_1952-1
OPENSUSE-SU-2013_1954-1
OPENSUSE-SU-2013_1961-1

Affected Products

Suse
Webyast
Webyast-Base
Webyast-Base-Branding-Default
Webyast-Base-Testsuite