Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2014-4998
Vulnerability from gsd - Updated: 2014-06-30 00:00Details
lean-ruport Gem for Ruby contains a flaw in /test/tc_database.rb that is due to the application exposing MySQL password information in plaintext in the process table. This may allow a local attacker to gain access to MySQL password information.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-4998",
"description": "test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.",
"id": "GSD-2014-4998"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "lean-ruport",
"purl": "pkg:gem/lean-ruport"
}
}
],
"aliases": [
"CVE-2014-4998",
"OSVDB-108581"
],
"details": "lean-ruport Gem for Ruby contains a flaw in /test/tc_database.rb that is due to the application exposing MySQL password information in plaintext in the process table. This may allow a local attacker to gain access to MySQL password information.",
"id": "GSD-2014-4998",
"modified": "2014-06-30T00:00:00.000Z",
"published": "2014-06-30T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4998"
}
],
"schema_version": "1.4.0",
"summary": "lean-ruport Gem for Ruby /test/tc_database.rb Process Table Local Plaintext MySQL Password Disclosure"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem lean-ruport-0.3.8",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/18"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.html"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-4998",
"date": "2014-06-30",
"description": "lean-ruport Gem for Ruby contains a flaw in /test/tc_database.rb that is due to the application exposing MySQL password information in plaintext in the process table. This may allow a local attacker to gain access to MySQL password information.",
"gem": "lean-ruport",
"osvdb": 108581,
"title": "lean-ruport Gem for Ruby /test/tc_database.rb Process Table Local Plaintext MySQL Password Disclosure",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4998"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "=0.3.8",
"affected_versions": "Version 0.3.8",
"credit": "Larry W. Cashdollar, @_larry0",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2018-01-30",
"description": "The script `/test/tc_database.rb` exposes MySQL password information in plaintext in the process table. If this Gem is used in the context of a RoR application a remote attacker might be able to inject commands via the `#{user}` and `#{password}` variables as they are not sanitized before being passed to the shell.",
"fixed_versions": [],
"identifier": "CVE-2014-4998",
"identifiers": [
"CVE-2014-4998"
],
"package_slug": "gem/lean-ruport",
"pubdate": "2018-01-10",
"solution": "There is no solution for this vulnerability at the moment.",
"title": "Command injection vulnerability",
"urls": [
"http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.html"
],
"uuid": "1e934ca6-7567-432c-8129-3d283d9ec669"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lean-ruport_project:lean-ruport:0.3.8:*:*:*:*:ruby:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4998"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.html"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem lean-ruport-0.3.8",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/18"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-01-30T18:18Z",
"publishedDate": "2018-01-10T18:29Z"
}
}
}