echor Gem for Ruby Process Listing Local Plaintext Credential Disclosure
Published: January 14, 2014
SECURITY IDENTIFIERS
- CVE: CVE-2014-1835 (NVD)
- GHSA: GHSA-j4gx-p3x5-m987
- OSVDB: OSVDB-102130
GEM
SEVERITY
CVSS v3.x: 7.8 (High)
PATCHED VERSIONS
None available.
DESCRIPTION
echor Gem for Ruby contains a flaw that is due to the program exposing credential information in the system process listing. This may allow a local attacker to gain access to plaintext credential information.