CVE-2014-4999
kajam 1.0.3.rc2 - Exposure of Sensitive Information via MySQL Command Line
Severity
HIGH
Title source: llmDescription
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the MySQL user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing running processes.
References (3)
Mailing List, Third Party Advisory (x_refsource_mlist): http://www.openwall.com/lists/oss-security/2014/07/17/5
Exploit, Third Party Advisory (x_refsource_misc): http://www.vapid.dhs.org/advisories/kajam-1.0.3.rc2.html
Mailing List, Third Party Advisory (x_refsource_mlist): http://www.openwall.com/lists/oss-security/2014/07/07/19
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
16.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
Status
published
Products (2)
kajam_project/kajam
1.0.3 rc2
rubygems/kajam
RubyGems
Published
Jan 10, 2018
Tracked Since
Feb 18, 2026