oss-sec mailing list archives
Re: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line
From: cve-assign () mitre org
Date: Sun, 15 Dec 2013 15:26:12 -0500 (EST)
Download: http://rubygems.org/gems/bio-basespace-sdk

bio-basespace-sdk-0.1.7/lib/basespace/api/api_client.rb

The API client code passes the API_KEY to a curl command. Another user on the system could snag the api key by just monitoring the process table.

Advisory: http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html

Use CVE-2013-7111.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
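The exposure described in the report, as an added Ruby illustration for Linux (not code from the gem, the advisory, or this message): a secret placed in a child's argument vector is readable through `/proc/<pid>/cmdline`, while the same secret sent over a pipe is not. The stand-in child process, the `--api-key` flag, the header name and the key value are all constructed for this example.

```ruby
require "rbconfig"

# Constructed placeholder, not a real credential.
API_KEY = "EXAMPLE-KEY-0000"

# Stand-in for the external HTTP client: it blocks reading stdin until EOF,
# so its /proc entry stays available while we inspect it.
CHILD = [RbConfig.ruby, "-e", "STDIN.read", "--"].freeze

# Argument vector of a process as exposed by the Linux process table
# (the same data `ps` displays). Entries are NUL-separated.
def visible_argv(pid)
  File.binread("/proc/#{pid}/cmdline").split("\0")
end

# Spawn the child with extra arguments and optional stdin data; return the
# argv that is observable from outside the process while it runs.
def observe(extra_args, stdin_data = "")
  rd, wr = IO.pipe
  pid = Process.spawn(*CHILD, *extra_args, in: rd)
  rd.close
  seen = visible_argv(pid)
  wr.write(stdin_data)
  wr.close
  Process.wait(pid)
  seen
end

# Pattern from the report: the secret is part of the command line.
# `--api-key` is a hypothetical flag of the stand-in child.
def key_in_argv
  observe(["--api-key", API_KEY])
end

# Hardened form: the secret travels over a pipe, argv only says "read stdin".
# With curl the equivalent is `--config -` with the header line fed on stdin.
# The header name below is an assumption made for this example.
def key_on_stdin
  observe(["--config", "-"], %(header = "X-Example-Token: #{API_KEY}"\n))
end

if __FILE__ == $PROGRAM_NAME
  puts "argv:  leaked=#{key_in_argv.include?(API_KEY)}"
  puts "stdin: leaked=#{key_on_stdin.any? { |a| a.include?(API_KEY) }}"
end
```

Using an in-process HTTP library instead of shelling out avoids the child process, and with it the argv exposure, entirely.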
Current thread:
- Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Larry W. Cashdollar (Dec 14)
- Re: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Larry W. Cashdollar (Dec 15)
- Re: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line cve-assign (Dec 15)