PT-2019-14340 · Wtf · Wtf

Senorprogrammer · Published 2019-08-28 · Updated 2020-08-24 · CVE-2019-15716

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

WTF versions prior to 0.19.0

Description

The issue concerns the permissions of the config.yml file, which might be misconfigured or based on unsafe OS defaults, potentially allowing local attackers to read sensitive information such as passwords or API keys.

Recommendations

For versions prior to 0.19.0, ensure the permissions of the config.yml file are properly set to prevent unauthorized access. As a temporary workaround, consider manually configuring the permissions of the config.yml file to restrict access until a fixed version is available.

Exploit

Fix

Incorrect Default Permissions


Weakness Enumeration

Related Identifiers

CVE-2019-15716

Affected Products

Wtf