Vulnerability Details CVE-2014-5002
The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 2.1
References
- http://www.openwall.com/lists/oss-security/2014/07/07/23
- http://www.openwall.com/lists/oss-security/2014/07/17/5
- http://www.vapid.dhs.org/advisories/lynx-0.2.0.html
- https://github.com/panthomakos/lynx/issues/3
- http://www.openwall.com/lists/oss-security/2014/07/07/23
- http://www.openwall.com/lists/oss-security/2014/07/17/5
- http://www.vapid.dhs.org/advisories/lynx-0.2.0.html
- https://github.com/panthomakos/lynx/issues/3
Products affected by CVE-2014-5002
-
cpe:2.3:a:lynx_project:lynx:0.0.1
-
cpe:2.3:a:lynx_project:lynx:0.0.2
-
cpe:2.3:a:lynx_project:lynx:0.1.0
-
cpe:2.3:a:lynx_project:lynx:0.2.0
-
cpe:2.3:a:lynx_project:lynx:0.2.1
-
cpe:2.3:a:lynx_project:lynx:0.3.0
-
cpe:2.3:a:lynx_project:lynx:0.4.0