Vulnerability Description
lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brbackup Project | Brbackup | 0.1.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2014/07/10/6Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/07/17/5Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/68506Third Party AdvisoryVDB Entry
- http://www.vapid.dhs.org/advisories/brbackup-0.1.1.htmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/07/10/6Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/07/17/5Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/68506Third Party AdvisoryVDB Entry
- http://www.vapid.dhs.org/advisories/brbackup-0.1.1.htmlThird Party Advisory
FAQ
What is CVE-2014-5004?
CVE-2014-5004 is a vulnerability with a CVSS score of 7.8 (HIGH). lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.
How severe is CVE-2014-5004?
CVE-2014-5004 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5004?
Check the references section above for vendor advisories and patch information. Affected products include: Brbackup Project Brbackup.