RubySec

Providing security resources for the Ruby community

CVE-2014-1234 (paratrooper-newrelic): Paratrooper-newrelic Gem for Ruby Process Listing API Key Local Disclosure

ADVISORIES

GEM

paratrooper-newrelic

SEVERITY

CVSS v2: 2.1 (Low)

PATCHED VERSIONS

None.

DESCRIPTION

Paratrooper-newrelic Gem for Ruby contains a flaw in /lib/paratrooper-newrelic.rb. The issue is triggered when the script exposes the API key, allowing a local attacker to gain access to it by monitoring the process tree.