Information Disclosure

2019-08-2907:17:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

Percentile

5.1%

JSON

github.com/wtfutil/wtf is vulnerable to information disclosure. The permissions of config.yml is not set. This allows local attackers to access the file and retrieve confidential information such as passwords or API keys if permissions are incorrectly configured or configured with unsafe OS defaults.