Sensitive Information Exposure through Command Line Arguments

Sensitive Information Exposure through Command Line Arguments

CVE-2014-4993 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.

Learn more about our User Device Pen Test.