RubySec

CVE-2014-1233 (paratrooper-pingdom): paratrooper-pingdom Gem for Ruby /lib/paratrooper-pingdom.rb API Login Credentials Local Disclosure

GEM

paratrooper-pingdom

SEVERITY

CVSS v2: 2.1 (Low)

PATCHED VERSIONS

None.

DESCRIPTION

The paratrooper-pingdom gem for Ruby contains a flaw in /lib/paratrooper-pingdom.rb. The script exposes its API login credentials in the process tree, so a local attacker who monitors the process tree can obtain the API key, username, and password used for the API login.
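
The following is an added example, not code from the gem or from this advisory. It assumes the exposure comes from credentials being placed in a child process's command-line arguments (the advisory does not spell out the mechanism), and contrasts that pattern with building the same request in-process; the endpoint, credential values, and all function names are hypothetical.

```ruby
require "net/http"
require "uri"

# Constructed sample values, not real credentials.
SAMPLE_CREDS = {
  app_key:  "APPKEY-EXAMPLE",
  username: "ops@example.test",
  password: "s3cret-example"
}.freeze

# Hypothetical endpoint, for illustration only.
ENDPOINT = URI("https://api.example.test/checks")

# Weak pattern (assumed mechanism): secrets are interpolated into the argv of
# an external HTTP client. Any local user who can list processes can read
# these arguments for as long as the child process runs.
def weak_argv(creds)
  ["curl", ENDPOINT.to_s, "-X", "PUT", "-d", "paused=true",
   "-H", "App-Key: #{creds[:app_key]}",
   "-u", "#{creds[:username]}:#{creds[:password]}"]
end

# Hardened pattern: build the request inside the Ruby process. The secrets
# live only in this process's memory and never appear in a command line.
# The request is constructed here but not sent.
def hardened_request(creds)
  req = Net::HTTP::Put.new(ENDPOINT)
  req["App-Key"] = creds[:app_key]
  req.basic_auth(creds[:username], creds[:password])
  req.set_form_data("paused" => "true")
  req
end

# Audit helper: names of the secrets that appear verbatim in an argv array.
# Useful in a unit test that guards against regressing to the weak pattern.
def secrets_in_argv(argv, creds)
  creds.select { |_name, value| argv.any? { |arg| arg.include?(value) } }.keys
end

if __FILE__ == $PROGRAM_NAME
  puts "weak argv leaks: #{secrets_in_argv(weak_argv(SAMPLE_CREDS), SAMPLE_CREDS).inspect}"
  puts "hardened request headers set: #{hardened_request(SAMPLE_CREDS).key?('authorization')}"
end
```
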