Fixes a local vulnerability
Fixed CVE-2013-3709: make the secret token file (secret_token.rb) readable only for the webyast user to avoid forging the session cookie (bnc#851116)
-
Submitted by
Ladislav Slezák (lslezak)
Fixed bugs
bnc#851116
VUL-0: CVE-2013-3709: webyast: local privilege escalation via secret rails tokens execution
Selected Binaries
webyast-base
webyast-base-branding-default
webyast-base-testsuite
