Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2014-1835
Vulnerability from gsd - Updated: 2014-01-14 00:00Details
echor Gem for Ruby contains a flaw that is due to the program exposing
credential information in the system process listing. This may allow a local
attacker to gain access to plaintext credential information.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-1835",
"description": "The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.",
"id": "GSD-2014-1835"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "echor",
"purl": "pkg:gem/echor"
}
}
],
"aliases": [
"CVE-2014-1835",
"OSVDB-102130"
],
"details": "echor Gem for Ruby contains a flaw that is due to the program exposing\ncredential information in the system process listing. This may allow a local\nattacker to gain access to plaintext credential information.\n",
"id": "GSD-2014-1835",
"modified": "2014-01-14T00:00:00.000Z",
"published": "2014-01-14T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1835"
}
],
"schema_version": "1.4.0",
"summary": "echor Gem for Ruby Process Listing Local Plaintext Credential Disclosure"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140131 Re: echor 0.1.6 Ruby Gem exposes login credentials",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/10"
},
{
"name": "echor-ruby-system-process-info-disc(90858)",
"refsource": "XF",
"url": "http://xforce.iss.net/xforce/xfdb/90858"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-1835",
"date": "2014-01-14",
"description": "echor Gem for Ruby contains a flaw that is due to the program exposing\ncredential information in the system process listing. This may allow a local\nattacker to gain access to plaintext credential information.\n",
"gem": "echor",
"osvdb": 102130,
"title": "echor Gem for Ruby Process Listing Local Plaintext Credential Disclosure",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1835"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=0.0.0",
"affected_versions": "All versions",
"credit": "Larry W. Cashdollar - Vapid Labs",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-255",
"CWE-937"
],
"date": "2018-02-14",
"description": "The echor Gem for Ruby contains a flaw that is due to the program exposing credential information in the system process listing. This may allow a local attacker to gain access to plaintext credential information.",
"fixed_versions": [],
"identifier": "CVE-2014-1835",
"identifiers": [
"CVE-2014-1835"
],
"package_slug": "gem/echor",
"pubdate": "2018-02-02",
"solution": "We are not currently aware of a solution for this vulnerability.",
"title": "Credential information exposure",
"urls": [
"http://osvdb.org/show/osvdb/102130"
],
"uuid": "8de7389f-c9ad-4bf0-b24d-f68df5e5ba5a"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:echor_project:echor:0.1.6:*:*:*:*:ruby:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1835"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "echor-ruby-system-process-info-disc(90858)",
"refsource": "XF",
"tags": [
"Broken Link"
],
"url": "http://xforce.iss.net/xforce/xfdb/90858"
},
{
"name": "[oss-security] 20140131 Re: echor 0.1.6 Ruby Gem exposes login credentials",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/10"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-02-14T15:12Z",
"publishedDate": "2018-02-02T21:29Z"
}
}
}