Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line
From: cve-assign () mitre org
Date: Sun, 15 Dec 2013 15:26:12 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Download: http://rubygems.org/gems/bio-basespace-sdk

bio-basespace-sdk-0.1.7/lib/basespace/api/api_client.rb

The API client code passes the API_KEY to a curl command.

Another user on the system could snag the api key by just monitoring the process table.

Advisory: http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html

Use CVE-2013-7111.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSrhANAAoJEKllVAevmvmspSYH/27+bRPGr06UE1a5z1L1ze17
X4uiXjBpR5hgOn1QGTxDiTGGdS3vUL7vVT5N6IhqVPgn+VRKNcorrZ/4E063JgAw
vlKyMlykQJnyVyA5nfLo1xtW044hZJoTsXIJQsIjFaaTmoznAcEGNlepUF1bqP+7
mvW8k60wBrAENPB2r3Xo5xqjvonlg5J/jGwvPC2/hudYz+6UCMbGGbVc/6so/4CB
13J4vSb1cqgswbyNIVL86yTPe/tLZSPNgYATOA1mjeBwA9jHXhfvBn6WYAestEkE
I9HyyfAiVTWWEcYNvVWBJNIZlElBVcOW7TtvQft3pAm4sgVB7RLxWUEicmxnS1Q=
=qN3z
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]