CVE-2014-5000: Leak of password in process table

January 10, 2018 (updated January 30, 2018)

A flaw in /lib/lawn.rb is causing the application to expose password information in plaintext in the process table. This may allow a local attacker to gain access to password information.

References

www.vapid.dhs.org/advisories/lawn-login-0.0.7.html

Detect and mitigate CVE-2014-5000 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →