CVE-2014-4999

Опубликовано: 10 янв. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 2.1

EPSS Низкий

Описание

vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process.

Ссылки

http://www.openwall.com/lists/oss-security/2014/07/07/19
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/07/17/5
Mailing List
Third Party Advisory
http://www.vapid.dhs.org/advisories/kajam-1.0.3.rc2.html
Exploit
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/07/07/19
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/07/17/5
Mailing List
Third Party Advisory
http://www.vapid.dhs.org/advisories/kajam-1.0.3.rc2.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kajam_project:kajam:1.0.3:rc2:*:*:*:ruby:*:*

EPSS

Процентиль: 17%

0.00054

Низкий

7.8 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-4ph7-5c44-pppv