lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
References
Link | Resource |
---|---|
http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html | Exploit Third Party Advisory |
http://www.securityfocus.com/bid/68735 | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2014/07/17/5 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2014/07/07/16 | Mailing List Third Party Advisory |
Configurations
Information
Published : 2018-01-10 10:29
Updated : 2018-01-30 10:17
NVD link : CVE-2014-4997
Mitre link : CVE-2014-4997
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
point-cli_project
- point-cli