kajam Gem for Ruby /dataset/lib/dataset/database/postgresql.rb Process List Local Plaintext Password Disclosure
Published: June 30, 2014
SECURITY IDENTIFIERS
- CVE: CVE-2014-4999 (NVD)
- GHSA: GHSA-4ph7-5c44-pppv
- OSVDB: OSVDB-108529
GEM
SEVERITY
CVSS v3.x: 7.8 (High)
PATCHED VERSIONS
None available.
DESCRIPTION
kajam Gem for Ruby contains a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered as the program exposes the MySQL or PostgreSQL password in the process list. This may allow a local attacker to gain access to password information.