CVE-2014-4999
Last modified
CVE-2014-4999 is a vulnerability of currently unknown severity. vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process.. EPSS estimates a 0.52% chance of exploitation in the next 30 days.
Description
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Kajam Project | Kajam | 1.0.3 | Rc2 |
References
- http://www.openwall.com/lists/oss-security/2014/07/07/19Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2014/07/17/5Mailing List, Third Party Advisory
- http://www.vapid.dhs.org/advisories/kajam-1.0.3.rc2.htmlExploit, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2014/07/07/19Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2014/07/17/5Mailing List, Third Party Advisory
- http://www.vapid.dhs.org/advisories/kajam-1.0.3.rc2.htmlExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-4999?
How severe is CVE-2014-4999?
How do I fix CVE-2014-4999?
Are you affected by CVE-2014-4999?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST