CVE-2014-1234 (paratrooper-newrelic): Paratrooper-newrelic Gem for Ruby Process Listing API Key Local Disclosure

January 8th, 2014

ADVISORIES

CVE-2014-1234 (NVD)
GHSA-959j-5g9v-3fpq
OSVDB-101839

GEM

paratrooper-newrelic

SEVERITY

CVSS v2.0: 2.1 (Low)

PATCHED VERSIONS

None.

DESCRIPTION

Paratrooper-newrelic Gem for Ruby contains a flaw in /lib/paratrooper-newrelic.rb. The issue is triggered when the script exposes the API key, allowing a local attacker to gain access to it by monitoring the process tree.

RubySec

CVE-2014-1234 (paratrooper-newrelic): Paratrooper-newrelic Gem for Ruby Process Listing API Key Local Disclosure

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

Recent Advisories