Vulnerability Description
A Ruby Gem credentials file is exposed over HTTP, potentially leaking RubyGems API keys. The ~/.gem/credentials file stores the authentication tokens RubyGems uses to publish gems to RubyGems.org or to private gem servers, so anyone who can read it can push releases as the key's owner. A hit from the template below should be treated as a live credential: revoke and reissue the key on the server that issued it, and keep the file outside any web root with the 0600 mode that RubyGems writes it with.

Nuclei Template
id: rubygems-credentials-exposure

info:
  name: Ruby Gem::ConfigFile Credential - Exposure
  author: theamanrawat
  severity: high
  description: |
    Ruby Gem credentials file is exposed, potentially leaking RubyGems API keys. The ~/.gem/credentials file stores authentication tokens for publishing gems to RubyGems.org or private gem servers.
  reference:
    - https://guides.rubygems.org/rubygems-org-api/
    - https://blog.rubygems.org/2020/07/28/api-key-leak.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-200
  metadata:
    verified: false
    max-request: 3
  tags: exposure,rubygems,credentials,config,token

http:
  - method: GET
    path:
      - "{{BaseURL}}/.gem/credentials"
      - "{{BaseURL}}/credentials"
      - "{{BaseURL}}/.gem/credentials.yaml"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - ":rubygems_api_key:"

      - type: word
        part: body
        words:
          - "<html"
          - "<body"
          - "<!DOCTYPE"
          - "<script"
          - "<?php"
        negative: true

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100fbbe18e74a1b952e73787a98e9330cb5955a035846e46952f3f7258ff476cd6402203b7c7430b47b47fc991c385ec64ca585466eea2665dac44997d47643d6a5814a:922c64590222798bb761d5b6d8e72950
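The Python below is an added example, not part of the template or of the nuclei project. It reproduces the template's matcher decision (status 200, marker present, no HTML/PHP hints, matchers AND-ed, stop at first match) offline against constructed sample responses, and then parses the flat `:name: value` YAML that RubyGems writes to ~/.gem/credentials so a hit can be confirmed and filed with the key redacted. The `triage`, `parse_credentials` and `redact` helpers, the paths, the response bodies and the token values are all constructed for illustration; the tokens follow no real key format.

```python
import re
from typing import Dict, List, Tuple

# Marker and exclusion words copied from the template's matchers.
MARKER = ":rubygems_api_key:"
HTML_HINTS = ("<html", "<body", "<!DOCTYPE", "<script", "<?php")


def matches_template(status: int, body: str) -> bool:
    """Same decision the template makes: the three matchers AND-ed.
    nuclei word matchers are case-sensitive by default, and so is this."""
    if status != 200:
        return False
    if MARKER not in body:
        return False
    return not any(hint in body for hint in HTML_HINTS)


# One ":name: value" pair per line, as RubyGems writes the file.
_PAIR_RE = re.compile(r"^:([A-Za-z0-9_.\-]+):\s*(\S+)\s*$")


def parse_credentials(body: str) -> Dict[str, str]:
    """Parse the flat, symbol-keyed YAML of ~/.gem/credentials without a YAML
    library. Lines that are not a bare ':name: value' pair are ignored, so a
    documentation page that merely mentions the key name yields no entries."""
    keys: Dict[str, str] = {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line == "---" or line.startswith("#"):
            continue
        m = _PAIR_RE.match(line)
        if m:
            keys[m.group(1)] = m.group(2)
    return keys


def redact(token: str) -> str:
    """Keep the first and last four characters so the owner can tell which key
    to revoke, and hide the rest so the report does not re-leak it."""
    if len(token) <= 8:
        return "*" * len(token)
    return token[:4] + "*" * (len(token) - 8) + token[-4:]


Response = Tuple[str, int, str]  # (path, status, body)


def triage(responses: List[Response]) -> List[dict]:
    """Walk responses in the template's path order, stop at the first match
    (stop-at-first-match) and record whether a key could actually be parsed."""
    for path, status, body in responses:
        if not matches_template(status, body):
            continue
        creds = parse_credentials(body)
        return [{
            "path": path,
            "confirmed": bool(creds),
            "keys": {name: redact(tok) for name, tok in creds.items()},
        }]
    return []


# Constructed sample responses (not captured from any real host).
SAMPLE_CREDS = (
    "---\n"
    ":rubygems_api_key: rubygems_0123456789abcdef0123456789abcdef\n"
    ":internal_gems: tok_zz9pluralzalpha\n"
)
SAMPLE_HTML_DOC = (
    "<!DOCTYPE html><html><body>"
    "Put your key under :rubygems_api_key: in ~/.gem/credentials"
    "</body></html>"
)
# Lowercase doctype: slips past the case-sensitive negative matcher.
SAMPLE_LOWER_DOCTYPE = "<!doctype html><p>Add :rubygems_api_key: to the file</p>"

SAMPLE_RESPONSES: List[Response] = [
    ("/.gem/credentials", 404, "Not Found"),
    ("/credentials", 200, SAMPLE_HTML_DOC),
    ("/.gem/credentials.yaml", 200, SAMPLE_CREDS),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_RESPONSES):
        print(finding)
```

The `SAMPLE_LOWER_DOCTYPE` case is the caveat worth knowing: the template's negative matcher lists `<!DOCTYPE` in uppercase only, so an HTML page with a lowercase doctype that mentions the key name still satisfies all three matchers. Parsing the body for an actual `:rubygems_api_key: value` line is what separates a confirmed leak from that kind of false positive.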