Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2014-5004
Vulnerability from gsd - Updated: 2014-07-09 00:00Details
brbackup Gem for Ruby contains a flaw that is due to the program exposing
password information in plaintext in the process list. This may allow a
local attacker to gain access to password information.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-5004",
"description": "lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.",
"id": "GSD-2014-5004"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "brbackup",
"purl": "pkg:gem/brbackup"
}
}
],
"aliases": [
"CVE-2014-5004",
"OSVDB-108901"
],
"details": "brbackup Gem for Ruby contains a flaw that is due to the program exposing\npassword information in plaintext in the process list. This may allow a\nlocal attacker to gain access to password information.\n",
"id": "GSD-2014-5004",
"modified": "2014-07-09T00:00:00.000Z",
"published": "2014-07-09T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5004"
}
],
"schema_version": "1.4.0",
"summary": "brbackup Gem for Ruby Process List Local Plaintext Password Disclosure"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "[oss-security] 20140710 Vulnerabilities in Ruby Gem brbackup-0.1.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/6"
},
{
"name": "http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html"
},
{
"name": "68506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68506"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-5004",
"date": "2014-07-09",
"description": "brbackup Gem for Ruby contains a flaw that is due to the program exposing\npassword information in plaintext in the process list. This may allow a\nlocal attacker to gain access to password information.\n",
"gem": "brbackup",
"osvdb": 108901,
"title": "brbackup Gem for Ruby Process List Local Plaintext Password Disclosure",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5004"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=0",
"affected_versions": "All versions",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2018-01-30",
"description": "The program exposes password information in plaintext in the process list. This may allow a local attacker to gain access to password information.",
"fixed_versions": [],
"identifier": "CVE-2014-5004",
"identifiers": [
"CVE-2014-5004"
],
"package_slug": "gem/brbackup",
"pubdate": "2018-01-10",
"solution": "There is no solution for this vulnerability at the moment.",
"title": "Plaintext Password Disclosure",
"urls": [
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/brbackup/OSVDB-108901.yml"
],
"uuid": "8413b711-6a99-494b-98e0-a5859897f381"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:brbackup_project:brbackup:0.1.1:*:*:*:*:ruby:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5004"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html"
},
{
"name": "68506",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68506"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "[oss-security] 20140710 Vulnerabilities in Ruby Gem brbackup-0.1.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/6"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-01-30T19:15Z",
"publishedDate": "2018-01-10T18:29Z"
}
}
}