Local Information Disclosure in point-cli for Ruby by Ruby Gem
CVE-2014-4997

7.8HIGH

Key Information:

Vendor

Point-cli Project

Status
Point-cli
Vendor
CVE Published:
10 January 2018

What is CVE-2014-4997?

The point-cli gem version 0.0.1 for Ruby contains a vulnerability that inadvertently exposes sensitive credentials through the command line. When the setup.rb file is executed, it includes credentials in the curl command, making them accessible to local users. This could lead to unauthorized access and exploitation if an attacker lists the process, potentially compromising sensitive information. Users of the affected version are advised to upgrade to a more secure version or implement other measures to mitigate this risk.

References

http://www.openwall.com/lists/oss-security/2014/07/17/5
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2014/07/07/16
mailing-listx_refsource_MLIST
http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.