CVE-2019-15716
N/A
N/A
Summary
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/wtfutil/wtf/compare/v0.18.0…v0.19.0
- https://github.com/wtfutil/wtf/issues/517
- https://github.com/wtfutil/wtf/blob/67658e172c9470e93e4122d6e2c90d01db12b0ac/cfg/config_files.go#L71-L72
References
- https://github.com/wtfutil/wtf/compare/v0.18.0…v0.19.0
- https://github.com/wtfutil/wtf/issues/517
- https://github.com/wtfutil/wtf/blob/67658e172c9470e93e4122d6e2c90d01db12b0ac/cfg/config_files.go#L71-L72
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.