CVE-2013-3709

Currently unrated

Key Information:

Vendor: Suse
Status: Studio Onsite; Suse Lifecycle Management Server; Webyast
Vendor: CVE Published:; 23 December 2013

Summary

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.

References

http://lists.opensuse.org/opensuse-security-announce/2013...

vendor-advisoryx_refsource_SUSE

http://lists.opensuse.org/opensuse-security-announce/2014...

vendor-advisoryx_refsource_SUSE

http://lists.opensuse.org/opensuse-security-announce/2013...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Dec 23, 2013
Vulnerability Reserved
May 30, 2013