CVE-2014-1233: Pingdom API credentials exposure in process tree

January 10, 2014

The file lib/paratrooper-pingdom.rb executes curl requests with pingdom API credentials (app_key, username & password). If a malicious user manages to monitor the process tree that run on your server, he can then have access to these credentials.

References

www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html

Detect and mitigate CVE-2014-1233 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →