Описание
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:vladtheenterprising_project:vladtheenterprising:0.2.0:*:*:*:*:ruby:*:*
EPSS
Процентиль: 17%
0.00054
Низкий
7 High
CVSS3
1.9 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 7
github
больше 3 лет назад
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file
EPSS
Процентиль: 17%
0.00054
Низкий
7 High
CVSS3
1.9 Low
CVSS2
Дефекты
CWE-200