CVE-2014-5001

lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
kcapifony_projectkcapifony
2.1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2014/07/07/21
http://www.openwall.com/lists/oss-security/2014/07/17/5
http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html
http://www.openwall.com/lists/oss-security/2014/07/07/21
http://www.openwall.com/lists/oss-security/2014/07/17/5
http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html