CVE-2013-3709

 

Severity Score: 7.2 *CVSS v2
Exploit Likelihood: *EPSS
Affected Versions: *CPE
Public Exploits: 1 *Multiple Sources
Exploited in Wild: - *KEV
Decision: - *SSVC

Descriptions

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.


*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2013-05-30 CVE Reserved
  • 2013-12-23 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Novell | Suse Lifecycle Management Server | 1.3 | - | Affected
Suse | Studio Onsite | 1.3 | - | Affected
Suse | Webyast | 1.3 | - | Affected