← back
CVE-2019-15716

CVE-2019-15716

EPSS 0.5%
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/wtfutil/wtf/blob/67658e172c9470e93e4122d6e2c90d01db12b0ac/cfg/config_files.go#L71-L72https://github.com/wtfutil/wtf/compare/v0.18.0...v0.19.0https://github.com/wtfutil/wtf/issues/517