CVE-2013-3709

SUSE WebYaST 1.3 - Local Privilege Escalation via Weak Permissions on Rails Secret Token

Title source: llm
STIX 2.1

Description

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.

Scores

EPSS 0.0048
EPSS Percentile 38.0%

Details

CWE
CWE-264
Status published
Products (3)
novell/suse_lifecycle_management_server 1.3
suse/studio_onsite 1.3
suse/webyast 1.3
Published Dec 23, 2013
Tracked Since Feb 18, 2026