Related vulnerabilities
GSD-2014-4997
Vulnerability from gsd - Updated: 2014-06-30 00:00
Details
The point-cli gem for Ruby (version 0.0.1) contains a flaw in /lib/commands/setup.rb: the application places credentials on the curl command line, which exposes them in plaintext in the process table. A local attacker who can list running processes may gain access to the credential information.
Aliases
{
"GSD": {
"alias": "CVE-2014-4997",
"description": "lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.",
"id": "GSD-2014-4997"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "point-cli",
"purl": "pkg:gem/point-cli"
}
}
],
"aliases": [
"CVE-2014-4997",
"OSVDB-108577"
],
"details": "point-cli Gem for Ruby contains a flaw in /lib/commands/setup.rb that is due to the application exposing credential information in plaintext in the process table. This may allow a local attacker to gain access to credential information.",
"id": "GSD-2014-4997",
"modified": "2014-06-30T00:00:00.000Z",
"published": "2014-06-30T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4997"
}
],
"schema_version": "1.4.0",
"summary": "point-cli Gem for Ruby /lib/commands/setup.rb Process Table Local Plaintext Credential Disclosure"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem point-cli-0.0.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/16"
},
{
"name": "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html"
},
{
"name": "68735",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68735"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-4997",
"date": "2014-06-30",
"description": "point-cli Gem for Ruby contains a flaw in /lib/commands/setup.rb that is due to the application exposing credential information in plaintext in the process table. This may allow a local attacker to gain access to credential information.",
"gem": "point-cli",
"osvdb": 108577,
"title": "point-cli Gem for Ruby /lib/commands/setup.rb Process Table Local Plaintext Credential Disclosure",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4997"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "=0.0.1",
"affected_versions": "Version 0.0.1",
"credit": "Larry W. Cashdollar, @_larry0",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2018-01-30",
"description": "The application is exposing credential information in plaintext in the process table due to a flaw in /lib/commands/setup.rb. This may allow a local attacker to gain access to credential information. ",
"fixed_versions": [],
"identifier": "CVE-2014-4997",
"identifiers": [
"CVE-2014-4997"
],
"package_slug": "gem/point-cli",
"pubdate": "2018-01-10",
"solution": "There is no solution for this vulnerability at the moment.",
"title": "Leak of credential information in process table",
"urls": [
"http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html"
],
"uuid": "e41cbdb6-b6d9-4137-8da8-78be5382ccdd"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:point-cli_project:point-cli:0.0.1:*:*:*:*:ruby:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4997"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html"
},
{
"name": "68735",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68735"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem point-cli-0.0.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/16"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-01-30T18:17Z",
"publishedDate": "2018-01-10T18:29Z"
}
}
}