Related vulnerabilities
GSD-2013-7111
Vulnerability from gsd - Updated: 2013-12-14 00:00
Details
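The Bio Basespace SDK gem for Ruby contains a flaw: the API client code passes the API_KEY as a command-line argument to a curl command. A local attacker may be able to obtain the API key by monitoring the process table, where the arguments of running processes are typically visible to other users on the same host. Note that the sources in the record below disagree on the attacker's position: the CVE description and the NVD CVSS v2 vector (AV:N) say remote, while this text and the RubySec and GitLab advisories say local. Reading another process's command line normally requires the ability to list processes on the host running the gem. The record lists no fixed version.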
Aliases
{
"GSD": {
"alias": "CVE-2013-7111",
"description": "The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes.",
"id": "GSD-2013-7111"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "bio-basespace-sdk",
"purl": "pkg:gem/bio-basespace-sdk"
}
}
],
"aliases": [
"CVE-2013-7111",
"OSVDB-101031"
],
"details": "Bio Basespace SDK Gem for Ruby contains a flaw that is due to the API client code passing the API_KEY to a curl command. This may allow a local attacker to gain access to API key information by monitoring the process table.",
"id": "GSD-2013-7111",
"modified": "2013-12-14T00:00:00.000Z",
"published": "2013-12-14T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7111"
}
],
"schema_version": "1.4.0",
"summary": "Bio Basespace SDK Gem for Ruby Command Line API Key Disclosure"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html"
},
{
"name": "[oss-security] 20131214 Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/14/2"
},
{
"name": "[oss-security] 20131215 Re: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/15/5"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2013-7111",
"date": "2013-12-14",
"description": "Bio Basespace SDK Gem for Ruby contains a flaw that is due to the API client code passing the API_KEY to a curl command. This may allow a local attacker to gain access to API key information by monitoring the process table.",
"gem": "bio-basespace-sdk",
"osvdb": 101031,
"title": "Bio Basespace SDK Gem for Ruby Command Line API Key Disclosure",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7111"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=0",
"affected_versions": "All versions",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2014-04-29",
"description": "This package contains a flaw that is due to the API client code passing the API_KEY to a curl command. This may allow a local attacker to gain access to API key information by monitoring the process table.",
"fixed_versions": [],
"identifier": "CVE-2013-7111",
"identifiers": [
"CVE-2013-7111"
],
"package_slug": "gem/bio-basespace-sdk",
"pubdate": "2014-04-29",
"solution": "There is no solution for this vulnerability at the moment.",
"title": "Command Line API Key Disclosure",
"urls": [
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bio-basespace-sdk/OSVDB-101031.yml"
],
"uuid": "cd959d4d-9b19-47e6-a157-f4d90e59696a"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:basespace_ruby_sdk_project:basespace_ruby_sdk:0.1.7:*:*:*:*:ruby:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7111"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131215 Re: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2013/12/15/5"
},
{
"name": "http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html",
"refsource": "MISC",
"tags": [],
"url": "http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html"
},
{
"name": "[oss-security] 20131214 Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line",
"refsource": "MLIST",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/14/2"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2014-04-29T17:59Z",
"publishedDate": "2014-04-29T14:38Z"
}
}
}