The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.
References
Link | Resource |
---|---|
http://openwall.com/lists/oss-security/2014/01/08/1 | Exploit |
http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html | Exploit |
Configurations
Information
Published : 2014-01-10 04:02
Updated : 2014-01-10 09:53
NVD link : CVE-2014-1233
Mitre link : CVE-2014-1233
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
tobias_maier
- paratrooper-pingdom