CVE-2019-15716

WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults.
Configurations

Configuration 1

cpe:2.3:a:wtfutil:wtf:*:*:*:*:*:*:*:*

Information

Published : 2019-08-28 03:15

Updated : 2020-08-24 05:37


NVD link : CVE-2019-15716

Mitre link : CVE-2019-15716

Products Affected
No products.
CWE
CWE-276

Incorrect Default Permissions