CVE-2014-4999: Gain access to password information as local attacker

January 10, 2018 (updated January 30, 2018)

There is s a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered as the program exposes the MySQL or PostgreSQL password in the process list. This may allow a local attacker to gain access to password information.

References

osvdb.org/show/osvdb/108529

Detect and mitigate CVE-2014-4999 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →