Vulnerability Description
test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lean-Ruport Project | Lean-Ruport | 0.3.8 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2014/07/07/18Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/07/17/5Mailing ListThird Party Advisory
- http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.htmlExploitThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/07/07/18Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/07/17/5Mailing ListThird Party Advisory
- http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.htmlExploitThird Party Advisory
FAQ
What is CVE-2014-4998?
CVE-2014-4998 is a vulnerability with a CVSS score of 7.8 (HIGH). test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
How severe is CVE-2014-4998?
CVE-2014-4998 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4998?
Check the references section above for vendor advisories and patch information. Affected products include: Lean-Ruport Project Lean-Ruport.