CVE-2014-4998 (lean-ruport): lean-ruport Gem for Ruby /test/tc_database.rb Process Table Local Plaintext MySQL Password Disclosure

June 30th, 2014

ADVISORIES

CVE-2014-4998 (NVD)
GHSA-5g7f-p7jg-v6mv
OSVDB-108581

GEM

lean-ruport

SEVERITY

CVSS v3.x: 7.8 (High)

PATCHED VERSIONS

None.

DESCRIPTION

lean-ruport Gem for Ruby contains a flaw in /test/tc_database.rb that is due to the application exposing MySQL password information in plaintext in the process table. This may allow a local attacker to gain access to MySQL password information.

RubySec

CVE-2014-4998 (lean-ruport): lean-ruport Gem for Ruby /test/tc_database.rb Process Table Local Plaintext MySQL Password Disclosure

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

Recent Advisories