Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vladtheenterprising_project | vladtheenterprising | 0.2.0 |
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vladtheenterprising_project | vladtheenterprising | 0.2.0 |