Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2014-5001
Vulnerability from gsd - Updated: 2014-06-30 00:00Details
kcapifony Gem for Ruby contains a flaw in /lib/ksymfony1.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-5001",
"description": "lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.",
"id": "GSD-2014-5001"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "kcapifony",
"purl": "pkg:gem/kcapifony"
}
}
],
"aliases": [
"CVE-2014-5001",
"OSVDB-108571"
],
"details": "kcapifony Gem for Ruby contains a flaw in /lib/ksymfony1.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information.",
"id": "GSD-2014-5001",
"modified": "2014-06-30T00:00:00.000Z",
"published": "2014-06-30T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5001"
}
],
"schema_version": "1.4.0",
"summary": "kcapifony Gem for Ruby /lib/ksymfony1.rb Process List Local Plaintext Password Disclosure"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem kcapifony-2.1.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/21"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-5001",
"date": "2014-06-30",
"description": "kcapifony Gem for Ruby contains a flaw in /lib/ksymfony1.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information.",
"gem": "kcapifony",
"osvdb": 108571,
"title": "kcapifony Gem for Ruby /lib/ksymfony1.rb Process List Local Plaintext Password Disclosure",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5001"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "=2.1.6",
"affected_versions": "Version 2.1.6",
"credit": "Larry W. Cashdollar, @_larry0",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2018-01-30",
"description": "It contains a flaw in /lib/ksymfony1.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.",
"fixed_versions": [],
"identifier": "CVE-2014-5001",
"identifiers": [
"CVE-2014-5001"
],
"package_slug": "gem/kcapifony",
"pubdate": "2018-01-10",
"solution": "There is no solution for this vulnerability at the moment.",
"title": "Command injection vulnerability",
"urls": [
"http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html"
],
"uuid": "5f88fd76-68dd-486c-9af5-801cd8a26acf"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:kcapifony_project:kcapifony:2.1.6:*:*:*:*:ruby:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5001"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem kcapifony-2.1.6",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/21"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-01-30T19:02Z",
"publishedDate": "2018-01-10T18:29Z"
}
}
}