Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2013-7111
Last Modified 29 Apr 2014 01:59:23
Published 29 Apr 2014 10:38:46
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-7111

Summary

The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes.

Vulnerable Systems

Application

  • Basespace Ruby Sdk Project Basespace Ruby Sdk 0.1.7


References

MISC - http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html

MLIST - [oss-security] 20131215 Re: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line

MLIST - [oss-security] 20131214 Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line


Last Updated: 27 May 2016 11:05:06