CVE-2013-7111

The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
basespace_ruby_sdk_projectbasespace_ruby_sdk
0.1.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2013/12/14/2
http://www.openwall.com/lists/oss-security/2013/12/15/5
http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html
http://www.openwall.com/lists/oss-security/2013/12/14/2
http://www.openwall.com/lists/oss-security/2013/12/15/5
http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html