Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2015-2179
Vulnerability from gsd - Updated: 2015-02-17 00:00Details
xaviershay-dm-rails Gem for Ruby contains a flaw in the execute() function
in /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb. The issue is
due to the function exposing sensitive information via the process table.
This may allow a local attack to gain access to MySQL credential information.
Aliases
{
"GSD": {
"alias": "CVE-2015-2179",
"id": "GSD-2015-2179"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "xaviershay-dm-rails",
"purl": "pkg:gem/xaviershay-dm-rails"
}
}
],
"aliases": [
"CVE-2015-2179",
"OSVDB-118579",
"GHSA-88p8-4vv5-82j7"
],
"details": "xaviershay-dm-rails Gem for Ruby contains a flaw in the execute() function\nin /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb. The issue is\ndue to the function exposing sensitive information via the process table.\nThis may allow a local attack to gain access to MySQL credential information.\n",
"id": "GSD-2015-2179",
"modified": "2015-02-17T00:00:00.000Z",
"published": "2015-02-17T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2179"
}
],
"schema_version": "1.4.0",
"summary": "xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisory.php?v=115",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=115"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2015-2179",
"date": "2015-02-17",
"description": "xaviershay-dm-rails Gem for Ruby contains a flaw in the execute() function\nin /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb. The issue is\ndue to the function exposing sensitive information via the process table.\nThis may allow a local attack to gain access to MySQL credential information.\n",
"gem": "xaviershay-dm-rails",
"ghsa": "88p8-4vv5-82j7",
"osvdb": 118579,
"title": "xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2179"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=0.0.0",
"affected_versions": "All versions",
"credit": "Larry W. Cashdollar, @_larry0",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2015-02-17",
"description": "The `execute` function in the xaviershay-dm-rail package exposes user credentials to the process table in `/datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb`",
"fixed_versions": [],
"identifier": "CVE-2015-2179",
"identifiers": [
"CVE-2015-2179"
],
"package_slug": "gem/xaviershay-dm-rails",
"pubdate": "2015-02-17",
"solution": "There is no solution for this vulnerability at the moment.",
"title": "MySQL credential exposure",
"urls": [
"http://osvdb.org/show/osvdb/118579",
"http://seclists.org/fulldisclosure/2015/Feb/86"
],
"uuid": "90ec528d-f7c9-48fe-ab29-54bde432b724"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xaviershay-dm-rails_porject:xaviershay-dm-rails:0.10.3.8:*:*:*:*:ruby:*:*",
"matchCriteriaId": "B433654E-4DB3-478F-8703-EDB7F9111EED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments."
},
{
"lang": "es",
"value": "xaviershay-dm-rails gem 0.10.3.8 para Ruby permite a los usuarios locales descubrir las credenciales de MySQL enumerando un proceso y sus argumentos."
}
],
"id": "CVE-2015-2179",
"lastModified": "2023-12-14T20:35:06.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-12T17:15:07.383",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.vapid.dhs.org/advisory.php?v=115"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}