3 matches found
Information Disclosure
github.com/wtfutil/wtf is vulnerable to information disclosure. The permissions of config.yml is not set. This allows local attackers to access the file and retrieve confidential information such as passwords or API keys if permissions are incorrectly configured or configured with unsafe OS...
CVE-2019-15716
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...
CVE-2019-15716
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...