CVE-2014-1234: Newrelic API credentials exposure in process tree

January 10, 2014

The file lib/paratrooper-newrelic.rb executes curl requests with Newrelic API credentials (account_id, application_id & api_key). If a malicious user manages to monitor the process tree that run on your server, he can then steal these credentials.

References

www.vapid.dhs.org/advisories/paratrooper-newrelic-api.html

Code Behaviors & Features

Detect and mitigate CVE-2014-1234 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →