Symlink File Overwrite Affecting vladtheenterprising package, versions >=0.0.0


Severity

Recommended: 0.0 high (on a scale of 0 to 10)

CVSS assessment by Snyk's Security Team.

Threat Intelligence

EPSS: 0.05% (17th percentile)

  • Snyk ID: SNYK-RUBY-VLADTHEENTERPRISING-20183
  • published: 29 Jun 2014
  • disclosed: 29 Jun 2014
  • credit: Unknown

Introduced: 29 Jun 2014

CVE-2014-4995
CWE-208

Overview

VladTheEnterprising is a series of packages that help use the Vlad gem to manage "enterprise" environments. Affected versions of this gem create temporary files insecurely. A local attacker can use a symlink attack against the /tmp/my.cnf.#{target_host} file to overwrite arbitrary files, gain access to the MySQL root password, or inject arbitrary commands.
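The following Ruby sketch is an added example, not code from the VladTheEnterprising gem: it contrasts a predictable-name write that follows a pre-existing symlink with two hardened ways of creating the same file. The function names, the `db1` host, the `victim.txt` file and the sandbox directory are all assumptions made for illustration.

```ruby
require "tmpdir"
require "tempfile"

# Hypothetical stand-in for the flawed pattern: a guessable name in a shared
# directory, written with File.write, which follows an existing symlink.
def write_cnf_insecure(dir, target_host, body)
  path = File.join(dir, "my.cnf.#{target_host}")
  File.write(path, body)
  path
end

# Hardened option 1: same name, but O_CREAT|O_EXCL refuses any existing
# directory entry (including a symlink) and the file is created mode 0600.
def write_cnf_exclusive(dir, target_host, body)
  path = File.join(dir, "my.cnf.#{target_host}")
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(body) }
  path
end

# Hardened option 2: Tempfile.create picks an unpredictable name and creates
# the file exclusively with mode 0600. The caller must delete it afterwards.
def write_cnf_tempfile(dir, target_host, body)
  tf = Tempfile.create(["my.cnf.#{target_host}.", ""], dir)
  path = tf.path
  tf.write(body)
  tf.close
  path
end

# Constructed scenario, confined to a private sandbox directory.
def demo
  Dir.mktmpdir do |dir|
    victim = File.join(dir, "victim.txt")
    body = "[client]\npassword=EXAMPLE\n" # constructed sample content
    File.write(victim, "original\n")
    File.symlink(victim, File.join(dir, "my.cnf.db1")) # link planted in advance
    write_cnf_insecure(dir, "db1", body)
    clobbered = File.read(victim) == body # write went through the link
    File.write(victim, "original\n")      # reset before the hardened runs
    refused = begin
      write_cnf_exclusive(dir, "db1", body)
      false
    rescue Errno::EEXIST
      true
    end
    safe_path = write_cnf_tempfile(dir, "db1", body)
    { clobbered: clobbered, refused: refused,
      victim_intact: File.read(victim) == "original\n",
      tempfile_mode: File.stat(safe_path).mode & 0o777 }
  end
end
```

Creating the file in a directory only the deploying user can write to removes the race entirely; the exclusive-create flags matter when a shared directory such as /tmp cannot be avoided.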

CVSS Base Scores

version 3.1