CVE-2013-7111: Exposure of Sensitive Information in bio-basespace-sdk

CVSS Score: 5

Basic Information

EPSS Score: 0.51334%
Published: 10/24/2017
Updated: 11/10/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Package Name: bio-basespace-sdk
Ecosystem: rubygems
Vulnerable Versions: <= 0.1.7
First Patched Version: (none listed)

Vulnerability Intelligence
Root Cause Analysis

The vulnerability documentation explicitly identifies the put_call function in api_client.rb as the source of exposure. The function uses shell command interpolation (%x{curl ...}) with the API_KEY as a command-line parameter, which is visible in process listings. Multiple independent sources (CVE, GHSA, and original advisory) corroborate this specific function as the vulnerability vector. No other functions are mentioned in the provided evidence.
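
The pattern described above next to two ways of keeping the key out of argv, as an added Ruby example that is not the SDK's own code. The header name `x-access-token`, the URL, the key and all function names are assumptions made for illustration; `--config -` makes curl read its options from stdin.

```ruby
require "net/http"
require "open3"
require "uri"

# Constructed sample values; not taken from the SDK or the advisory.
SAMPLE_KEY = "constructed-sample-key-123"
SAMPLE_URL = "https://api.example.invalid/v1/resource"

# Pattern described above: the key is interpolated into a shell command
# string, so it ends up in curl's argv and in every process listing.
# Built here only as a string; the vulnerable form hands it to %x{...}.
def vulnerable_command(url, api_key, body)
  %(curl -s -X PUT -H "x-access-token: #{api_key}" -d '#{body}' #{url})
end

# Fix 1: stay in-process. The key lives only in this process's memory
# and in the request itself; there is no child process and no argv.
def build_put_request(url, api_key, body)
  uri = URI(url)
  req = Net::HTTP::Put.new(uri)
  req["x-access-token"] = api_key # hypothetical header name
  req.body = body
  [uri, req]
end

def send_put(url, api_key, body)
  uri, req = build_put_request(url, api_key, body)
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
    http.request(req)
  end
end

# Fix 2: if curl must stay, pass the header in a config read from stdin
# and use an argv array so no shell parses the command.
def curl_invocation(url, api_key, body)
  escaped = api_key.gsub(/["\\]/) { |c| "\\#{c}" }
  argv = ["curl", "--silent", "--request", "PUT", "--config", "-",
          "--data", body, url]
  [argv, %(header = "x-access-token: #{escaped}"\n)]
end

def run_curl(url, api_key, body)
  argv, config = curl_invocation(url, api_key, body)
  Open3.capture3(*argv, stdin_data: config)
end

# True when the secret would show up in a process listing for this command.
def exposed_in_argv?(command, secret)
  Array(command).join(" ").include?(secret)
end
```

The request body still travels in argv in the curl variant, so that form only fits when the body itself is not sensitive.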
