WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
suse webyast 1.3 |
||
suse studio onsite 1.3 |
||
novell suse lifecycle management server 1.3 |