cap-strap Gem for Ruby Process Table Local Plaintext Credential Disclosure
Published: June 30, 2014
SECURITY IDENTIFIERS
- CVE: CVE-2014-4992 (NVD)
- GHSA: GHSA-pcm6-g2qp-9gw8
- OSVDB: OSVDB-108574
GEM
SEVERITY
CVSS v3.x: 7.8 (High)
PATCHED VERSIONS
None available.
DESCRIPTION
cap-strap Gem for Ruby contains a flaw that is due to the application exposing credential information in plaintext in the process table listing. This may allow a local attacker to gain access to credential information.