Related vulnerabilities
GSD-2014-4993
Vulnerability from gsd - Updated: 2014-06-30 00:00
Details
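The backup-agoddard gem for Ruby contains a flaw in /lib/backup/cli/utility.rb: the application places password information on the openssl command line, so it appears in plaintext in the process table. A local user who can list processes may obtain that password information. The source records reproduced below are not consistent with one another: the GitLab entry gives 3.0.27 as the fixed version although 3.0.28 is listed as affected, and the CVSS v2 score (2.1, partial confidentiality impact only) differs widely from the CVSS v3 score (7.8). Confirm the installed gem version and how it invokes openssl directly rather than relying on any single field.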
Aliases
{
"GSD": {
"alias": "CVE-2014-4993",
"description": "(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.",
"id": "GSD-2014-4993"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "backup-agoddard",
"purl": "pkg:gem/backup-agoddard"
}
}
],
"aliases": [
"CVE-2014-4993",
"OSVDB-108578"
],
"details": "backup-agoddard Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is due to the application exposing password information in plaintext in the process table. This may allow a local attacker to gain access to password information.",
"id": "GSD-2014-4993",
"modified": "2014-06-30T00:00:00.000Z",
"published": "2014-06-30T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4993"
}
],
"schema_version": "1.4.0",
"summary": "backup-agoddard Gem for Ruby /lib/backup/cli/utility.rb Process Table Local Plaintext Password Disclosure"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisories/backup-agoddard-3.0.28.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/backup-agoddard-3.0.28.html"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "http://www.vapid.dhs.org/advisories/backup_checksum-3.0.23.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/backup_checksum-3.0.23.html"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem backup_checksum-3.0.23",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/12"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem backup-agoddard-3.0.28",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/11"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-4993",
"date": "2014-06-30",
"description": "backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb\nthat is triggered as the program displays password information in plaintext\nin the process list. This may allow a local attacker to gain access to\npassword information.\n",
"gem": "backup_checksum",
"osvdb": 108569,
"title": "backup_checksum Gem for Ruby /lib/backup/cli/utility.rb Process List Local Plaintext Password Disclosure",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4993"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "=3.0.23||=3.0.28",
"affected_versions": "Version 3.0.23, version 3.0.28",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2018-01-30",
"description": "(1) lib/backup/cli/utility.rb in the backup-agoddard gem and (2) lib/backup/cli/utility.rb in the backup_checksum gem for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.",
"fixed_versions": [
"3.0.27"
],
"identifier": "CVE-2014-4993",
"identifiers": [
"CVE-2014-4993"
],
"not_impacted": "All versions before 3.0.23, all versions after 3.0.23 before 3.0.28, all versions after 3.0.28",
"package_slug": "gem/backup-agoddard",
"pubdate": "2018-01-10",
"solution": "Upgrade to version 3.0.27 or above.",
"title": "Exposure of Sensitive Information to an Unauthorized Actor",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-4993"
],
"uuid": "7212f3d4-b99b-4cf3-806a-11b28f39ae34"
},
{
"affected_range": "=3.0.23",
"affected_versions": "Version 3.0.23",
"credit": "Larry W. Cashdollar, @_larry0",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2018-01-30",
"description": "If it is used in the context of a RoR application, since the user input isn\u0027t properly sanitized, the method decrypt in `/lib/backup/cli/utility.rb` is vulnerable to command injection.",
"fixed_versions": [],
"identifier": "CVE-2014-4993",
"identifiers": [
"CVE-2014-4993"
],
"not_impacted": "You are not impacted if you don\u0027t send user controlled data to this gem.",
"package_slug": "gem/backup_checksum",
"pubdate": "2018-01-10",
"solution": "There is no solution for this vulnerability at the moment.",
"title": "Command injection vulnerability",
"urls": [
"http://www.vapid.dhs.org/advisories/backup_checksum-3.0.23.html"
],
"uuid": "6207597a-829d-47a3-abee-a025e2352332"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:backup_checksum_project:backup_checksum:3.0.23:*:*:*:*:ruby:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:backup-agoddard_project:backup-agoddard:3.0.28:*:*:*:*:ruby:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4993"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisories/backup-agoddard-3.0.28.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.vapid.dhs.org/advisories/backup-agoddard-3.0.28.html"
},
{
"name": "http://www.vapid.dhs.org/advisories/backup_checksum-3.0.23.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.vapid.dhs.org/advisories/backup_checksum-3.0.23.html"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem backup_checksum-3.0.23",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/12"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem backup-agoddard-3.0.28",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/11"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-01-30T15:11Z",
"publishedDate": "2018-01-10T18:29Z"
}
}
}