2 matches found
CVE-2019-15716
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...
CVE-2019-15716
CVE-2019-15716 affects the WTF utility prior to version 0.19.0, where the permissions on the sensitive file config.yml may be misconfigured, enabling local attackers to read passwords or API keys. The issue is rooted in improper access controls for this config file. Public documentation confirms ...