CVE-2008-2517

SaraB < 0.2.4 - Local Sensitive Information Exposure via Command-Line Encryption Key

Title source: llm
STIX 2.1

Description

The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42621
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1659/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29364
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30394

Scores

EPSS 0.0027
EPSS Percentile 18.3%

Details

CWE
CWE-200
Status published
Products (2)
sarab/sarab 0.2.2
sarab/sarab < 0.2.3
Published Jun 03, 2008
Tracked Since Feb 18, 2026