ADVISORIES
- CVE-2014-1233 (NVD)
- GHSA-fqrr-rrwg-69pv
- OSVDB-101847
GEM
SEVERITY
CVSS v2.0: 2.1 (Low)
PATCHED VERSIONS
None.
DESCRIPTION
paratrooper-pingdom Gem for Ruby contains a flaw in /lib/paratrooper-pingdom.rb. The issue is triggered when the script exposes API login credentials, allowing a local attacker to gain access to the API key, username, and password for the API login by monitoring the process tree.