paratrooper-pingdom Gem for Ruby /lib/paratrooper-pingdom.rb API Login Credentials Local Disclosure
Published: December 26, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2014-1233 (NVD)
- GHSA: GHSA-fqrr-rrwg-69pv
- OSVDB: OSVDB-101847
GEM
SEVERITY
CVSS v2.0: 2.1 (Low)
PATCHED VERSIONS
None available.
DESCRIPTION
The paratrooper-pingdom gem for Ruby contains a flaw in /lib/paratrooper-pingdom.rb. The script exposes API login credentials in the process tree, so a local attacker who monitors running processes can obtain the API key, username, and password used for the API login.
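
The exposure described above, as an added example that is not the gem's own code: it assumes the credentials reach a child process on its command line, and compares that with handing the same value over on stdin. The credential, the `alice` login and all helper names are constructed for illustration.

```ruby
require "rbconfig"

# Constructed sample credential; not a real API login.
SECRET = "s3cr3t-constructed-example"

# Command line of +pid+ as a process listing shows it.
def visible_cmdline(pid)
  proc_file = "/proc/#{pid}/cmdline"
  if File.readable?(proc_file)
    File.binread(proc_file).tr("\0", " ")   # Linux: argv is NUL-separated
  else
    IO.popen(["ps", "-o", "args=", "-p", pid.to_s], &:read)
  end
end

# Spawn a child, optionally feed it data on stdin, yield its pid, clean up.
def with_child(argv, stdin_data: nil)
  rd, wr = IO.pipe
  pid = Process.spawn(*argv, in: rd)
  rd.close
  wr.write(stdin_data) if stdin_data
  wr.close
  yield pid
ensure
  if pid
    Process.kill("KILL", pid) rescue nil
    Process.wait(pid) rescue nil
  end
end

# Hypothetical helper: hand the same credential to a child both ways and
# report whether it shows up in the child's visible command line.
def leak_report
  child = [RbConfig.ruby, "-e", "STDIN.read; sleep 30"]
  login = "alice:#{SECRET}"
  via_argv  = with_child(child + [login]) { |pid| visible_cmdline(pid) }
  via_stdin = with_child(child, stdin_data: login) { |pid| visible_cmdline(pid) }
  { argv: via_argv.include?(SECRET), stdin: via_stdin.include?(SECRET) }
end

p leak_report if $PROGRAM_NAME == __FILE__
```

Credentials passed on stdin, or used in-process by an HTTP client library, never appear in the argument vector that process listings read.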
