PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user's home directory, which allows local users to obtain Pandora credentials by reading this file.
Related bugs and status
CVE-2011-1500 (Candidate)
is related to these bugs: