CVE-2014-4997: Leak of credential information in process table

January 10, 2018 (updated January 30, 2018)

The application is exposing credential information in plaintext in the process table due to a flaw in /lib/commands/setup.rb. This may allow a local attacker to gain access to credential information.

References

www.vapid.dhs.org/advisories/point-cli-0.0.1.html

Detect and mitigate CVE-2014-4997 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →