Vladtheenterprising Project: Security Vulnerabilities
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.
CVSS Score
7.0
EPSS Score
0.001
Published
2018-01-10
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-01-10