GHSA-vqcm-7f7f-r539

Source
https://github.com/advisories/GHSA-vqcm-7f7f-r539
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-vqcm-7f7f-r539/GHSA-vqcm-7f7f-r539.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vqcm-7f7f-r539
Aliases
  • CVE-2014-5004
Published
2018-03-05T19:32:06Z
Modified
2023-11-08T03:57:43.205518Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
brbackup exposes database password to unauthorized users
Details

lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.
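
The pattern described above next to a hardened form, as an added example that is not brbackup's code: all function names and the sample credentials are constructed for illustration. The hardened form assumes the standard mysql client option `--defaults-extra-file`, which keeps the password out of the process arguments by reading it from a file only the owner can read.

```ruby
require "tempfile"

# Flawed pattern (constructed stand-in): the password is part of argv, so it
# shows up in the process list for every local user while the command runs.
def insecure_mysql_argv(user, password, database)
  ["mysql", "-u", user, "-p#{password}", database]
end

# Hardened form: put the credentials in a private option file and pass only
# the file's path on the command line.
def write_client_cnf(user, password)
  file = Tempfile.new(["mysql-client", ".cnf"])
  file.chmod(0o600) # owner read/write only, set before the secret is written
  # Option-file values are double-quoted; escape backslash and quote characters.
  escaped = password.gsub(/[\\"]/) { |c| "\\#{c}" }
  file.write("[client]\nuser=#{user}\npassword=\"#{escaped}\"\n")
  file.flush
  file # caller keeps the handle; the file is deleted on close!
end

def hardened_mysql_argv(cnf_path, database)
  # --defaults-extra-file has to be the first option given to the client.
  ["mysql", "--defaults-extra-file=#{cnf_path}", database]
end

# Review helper: flags an argv that carries a password value inline
# (-pVALUE or --password=VALUE). A bare -p, which prompts, is not flagged.
def password_on_command_line?(argv)
  argv.any? { |arg| arg.match?(/\A-p.+/) || arg.match?(/\A--password=.+/) }
end

if __FILE__ == $PROGRAM_NAME
  secret = "example-only-password" # constructed sample value
  cnf = write_client_cnf("backup", secret)
  puts "insecure: #{insecure_mysql_argv('backup', secret, 'appdb').inspect}"
  puts "hardened: #{hardened_mysql_argv(cnf.path, 'appdb').inspect}"
  cnf.close! # remove the credentials file once the client has finished
end
```

The argv array would be passed to `system(*argv)` so that no shell is involved; the option file must stay in place until the client exits.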

Affected packages

RubyGems / brbackup

Package

Name
brbackup
Purl
pkg:gem/brbackup

Affected ranges

Affected versions

0.*

0.1.1