RSS   Vulnerabilities for 'WTF'   RSS

2019-08-28
 
CVE-2019-15716

CWE-275
 

 
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults.

 


Copyright 2021, cxsecurity.com

 

Back to Top