CVE-2015-3448
EPSS 0.07%rest-client allows local users to obtain sensitive information by reading the log
Published: 10/24/2017Modified: 4/28/2026
Description
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
Affected packages (2)
- Debian/ruby-rest-clientfrom 0, < 1.8.0-1
- RubyGems/rest-clientfrom 0, < 1.7.3
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-3448
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3448
- PATCHhttps://github.com/rest-client/rest-client
- WEBhttp://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html
- WEBhttps://github.com/rest-client/rest-client/issues/349
- WEBhttps://web.archive.org/web/20200228154247/http://www.securityfocus.com/bid/74415