Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2014-1233
Vulnerability from gsd - Updated: 2013-12-26 00:00Details
paratrooper-pingdom Gem for Ruby contains a flaw in
/lib/paratrooper-pingdom.rb. The issue is triggered when the script exposes
API login credentials, allowing a local attacker to gain access to the API
key, username, and password for the API login by monitoring the process tree.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-1233",
"description": "The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.",
"id": "GSD-2014-1233"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "paratrooper-pingdom",
"purl": "pkg:gem/paratrooper-pingdom"
}
}
],
"aliases": [
"CVE-2014-1233",
"OSVDB-101847"
],
"details": "paratrooper-pingdom Gem for Ruby contains a flaw in\n/lib/paratrooper-pingdom.rb. The issue is triggered when the script exposes\nAPI login credentials, allowing a local attacker to gain access to the API\nkey, username, and password for the API login by monitoring the process tree.\n",
"id": "GSD-2014-1233",
"modified": "2013-12-26T00:00:00.000Z",
"published": "2013-12-26T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1233"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 2.1,
"type": "CVSS_V2"
}
],
"summary": "paratrooper-pingdom Gem for Ruby /lib/paratrooper-pingdom.rb API Login Credentials Local Disclosure"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html"
},
{
"name": "[oss-security] 20140107 paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/01/08/1"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-1233",
"cvss_v2": 2.1,
"date": "2013-12-26",
"description": "paratrooper-pingdom Gem for Ruby contains a flaw in\n/lib/paratrooper-pingdom.rb. The issue is triggered when the script exposes\nAPI login credentials, allowing a local attacker to gain access to the API\nkey, username, and password for the API login by monitoring the process tree.\n",
"gem": "paratrooper-pingdom",
"osvdb": 101847,
"title": "paratrooper-pingdom Gem for Ruby /lib/paratrooper-pingdom.rb API Login Credentials Local Disclosure",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1233"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=0.0.0",
"affected_versions": "All versions",
"credit": "Larry W. Cashdollar",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2014-01-10",
"description": "The file lib/paratrooper-pingdom.rb executes curl requests with pingdom API credentials (app_key, username \u0026 password). If a malicious user manages to monitor the process tree that run on your server, he can then have access to these credentials.",
"fixed_versions": [],
"identifier": "CVE-2014-1233",
"identifiers": [
"CVE-2014-1233"
],
"package_slug": "gem/paratrooper-pingdom",
"pubdate": "2014-01-10",
"solution": "There\u0027s no currently known solution.",
"title": "Pingdom API credentials exposure in process tree",
"urls": [
"http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html"
],
"uuid": "70665ef8-00aa-4dd2-a094-d2876a17b035"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tobias_maier:paratrooper-pingdom:1.0.0:-:-:*:-:ruby:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1233"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140107 paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials",
"refsource": "MLIST",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2014/01/08/1"
},
{
"name": "http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html",
"refsource": "MISC",
"tags": [
"Exploit"
],
"url": "http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2014-01-10T17:53Z",
"publishedDate": "2014-01-10T12:02Z"
}
}
}