Solution
Please Install the Updated Packages.
Insight
Fixed CVE-2013-3709: make the secret token file
(secret_token.rb) readable only for the webyast user to avoid forging the session cookie (bnc#851116) (reported by joernchen of Phenoelit)
Affected
Fixes on openSUSE 12.2
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-3709 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities