Vulnerability Description
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wtfutil | Wtf | < 0.19.0 |
Related Weaknesses (CWE)
References
- https://github.com/wtfutil/wtf/blob/67658e172c9470e93e4122d6e2c90d01db12b0ac/cfg (Exploit, Third Party Advisory)
- https://github.com/wtfutil/wtf/compare/v0.18.0...v0.19.0 (Patch, Third Party Advisory)
- https://github.com/wtfutil/wtf/issues/517 (Third Party Advisory)
FAQ
What is CVE-2019-15716?
CVE-2019-15716 is a vulnerability with a CVSS score of 5.5 (MEDIUM). WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe...
How severe is CVE-2019-15716?
CVE-2019-15716 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-15716?
Check the references section above for vendor advisories and patch information. Affected products include: Wtfutil Wtf.