oss-sec mailing list archives

Re: Paratrooper-newrelic 1.0.1 Ruby Gem exposes API key


From: cve-assign () mitre org
Date: Wed, 8 Jan 2014 13:00:53 -0500 (EST)

curl ... -H "X-Api-Key: #{api_key}"

a malicious user can monitor the process tree and steal the API key.

Use CVE-2014-1234.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
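The exposure described in the message above, as an added Ruby example that is not part of the original post or the gem's code: it shows the argument vector produced by the quoted curl pattern, a check for a secret in argv, and an in-process Net::HTTP request that keeps the key off any command line. The key, URL and function names are constructed for illustration.

```ruby
require "net/http"
require "uri"
require "shellwords"

# Constructed sample values for illustration; not taken from the gem.
API_KEY    = "EXAMPLE-KEY-0000"
DEPLOY_URL = "https://api.example.invalid/deployments"

# Pattern quoted in the advisory: the key is interpolated into a curl command
# line. Shellwords.split shows the argv the shell would hand to curl.
def curl_argv(api_key, url)
  Shellwords.split(%(curl -s #{url} -H "X-Api-Key: #{api_key}"))
end

# True if any argument carries the secret. On typical Unix defaults, argument
# vectors are visible to other local users (ps, /proc/<pid>/cmdline).
def secret_in_argv?(argv, secret)
  argv.any? { |arg| arg.include?(secret) }
end

# Alternative: build the request in-process with Net::HTTP, so the key is
# held in this process's memory and never placed in any argv.
def build_request(api_key, url)
  uri = URI(url)
  req = Net::HTTP::Post.new(uri)
  req["X-Api-Key"] = api_key
  [uri, req]
end

# Sends the request over TLS (not called below, so the example runs offline).
def send_request(uri, req)
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
    http.request(req)
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "curl argv exposes key: #{secret_in_argv?(curl_argv(API_KEY, DEPLOY_URL), API_KEY)}"
  _uri, req = build_request(API_KEY, DEPLOY_URL)
  puts "header set in-process: #{req['X-Api-Key'] == API_KEY}"
  puts "own argv exposes key:  #{secret_in_argv?([$PROGRAM_NAME, *ARGV], API_KEY)}"
end
```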

