CVE-2015-3448

CVE-2015-3448

EPSS 0.4%

REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html https://github.com/rest-client/rest-client/issues/349 http://www.osvdb.org/117461 http://www.securityfocus.com/bid/74415