Paratrooper-newrelic Gem for Ruby Process Listing API Key Local Disclosure
Published: January 08, 2014
SECURITY IDENTIFIERS
- CVE: CVE-2014-1234 (NVD)
- GHSA: GHSA-959j-5g9v-3fpq
- OSVDB: OSVDB-101839
GEM
SEVERITY
CVSS v2.0: 2.1 (Low)
PATCHED VERSIONS
None available.
DESCRIPTION
Paratrooper-newrelic Gem for Ruby contains a flaw in /lib/paratrooper-newrelic.rb. The issue is triggered when the script exposes the API key, allowing a local attacker to gain access to it by monitoring the process tree.