RubySec

Providing security resources for the Ruby community

CVE-2014-5000 (lawn-login): lawn-login Gem for Ruby /lib/lawn.rb Process Table Local Plaintext Password Disclosure

GEM

lawn-login

SEVERITY

CVSS v3.x: 7.8 (High)

PATCHED VERSIONS

None.

DESCRIPTION

The lawn-login gem for Ruby contains a flaw in /lib/lawn.rb: the application exposes password information in plaintext in the process table. This may allow a local attacker to gain access to password information.
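
The exposure class described above, shown as an added example (not code from lawn-login or from this advisory): a check that starts a child process and reports whether a secret handed to it shows up in the process table. It assumes the secret reaches the process table as a command-line argument, which the advisory does not state; SECRET, CHILD and both helper names are constructed for illustration.

```ruby
require "rbconfig"

# Constructed sample value, not a real credential.
SECRET = "s3cr3t-constructed-example"
# Child program: blocks until its stdin is closed, so it stays alive while we look.
CHILD = "STDIN.read"

# Return the command line that the process table shows for +pid+.
def process_table_entry(pid)
  path = "/proc/#{pid}/cmdline"
  if File.readable?(path)
    File.binread(path).split("\0").join(" ") # Linux: argv is NUL-separated
  else
    # Fallback for systems without /proc (assumes a POSIX ps is installed).
    IO.popen(["ps", "-o", "args=", "-p", pid.to_s], &:read).to_s.strip
  end
end

# Start a child, hand it the secret via :argv or :stdin, and report whether
# the secret is readable from the process table while the child is running.
def secret_visible?(secret, via:)
  argv = [RbConfig.ruby, "-e", CHILD]
  argv << secret if via == :argv          # pattern that leaks: secret in argv
  IO.popen(argv, "w") do |stdin|
    stdin.write(secret) if via == :stdin  # hardened: secret travels over a pipe
    stdin.flush
    process_table_entry(stdin.pid).include?(secret)
  end                                     # closing the pipe lets the child exit
end

if $PROGRAM_NAME == __FILE__
  puts "argv:  visible=#{secret_visible?(SECRET, via: :argv)}"
  puts "stdin: visible=#{secret_visible?(SECRET, via: :stdin)}"
end
```

The same check can be pointed at any helper a gem launches to confirm that credentials are passed over a pipe or a file with restricted permissions rather than in its argument list.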