PT-2018-4239 · Ruby · Point-Cli

Larry W. Cashdollar

Publicado

2018-01-10

Atualizado

2022-05-14

CVE-2014-4997

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions point-cli gem version 0.0.1

Description The issue allows local users to obtain sensitive information by listing the process, as credentials are placed on the curl command line in the lib/commands/setup.rb file of the point-cli gem for Ruby.

Recommendations For point-cli gem version 0.0.1, consider restricting access to sensitive information and avoid using the lib/commands/setup.rb file until a fix is available. As a temporary workaround, consider modifying the lib/commands/setup.rb file to handle credentials securely, such as using environment variables or a secure storage mechanism for sensitive information.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2014-4997

GHSA-MC8M-X6HF-CW2G

Produtos afetados

Point-Cli

PT-2018-4239 · Ruby · Point-Cli

CVE-2014-4997

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7