lean-ruport Gem for Ruby /test/tc_database.rb Process Table Local Plaintext MySQL Password Disclosure
Published: June 30, 2014
SECURITY IDENTIFIERS
- CVE: CVE-2014-4998 (NVD)
- GHSA: GHSA-5g7f-p7jg-v6mv
- OSVDB: OSVDB-108581
GEM
SEVERITY
CVSS v3.x: 7.8 (High)
PATCHED VERSIONS
None available.
DESCRIPTION
lean-ruport Gem for Ruby contains a flaw in /test/tc_database.rb that is due to the application exposing MySQL password information in plaintext in the process table. This may allow a local attacker to gain access to MySQL password information.