ADVISORIES

• CVE-2014-5004 (NVD)
• GHSA-vqcm-7f7f-r539
• OSVDB-108901
• Vendor Advisory

GEM

brbackup

SEVERITY

CVSS v3.x: 7.8 (High)

CVSS v2.0: 2.1 (Low)

PATCHED VERSIONS

None.

DESCRIPTION

brbackup Gem for Ruby contains a flaw that is due to the program exposing password information in plaintext in the process list. This may allow a local attacker to gain access to password information.

RELATED

• https://nvd.nist.gov/vuln/detail/CVE-2014-5004
• http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html
• http://www.vapidlabs.com/advisory.php?v=25
• http://www.openwall.com/lists/oss-security/2014/07/10/6
• http://www.openwall.com/lists/oss-security/2014/07/17/5
• http://www.securityfocus.com/bid/68506
• https://web.archive.org/web/20200229055655/https://www.securityfocus.com/bid/68506/