CVE-2015-3448
EPSS 0.07%rest-client allows local users to obtain sensitive information by reading the log
發布日:2017/10/24修改日:2026/4/28
描述
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
受影響套件(2)
- Debian/ruby-rest-clientfrom 0, < 1.8.0-1
- RubyGems/rest-clientfrom 0, < 1.7.3
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-3448
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3448
- PATCHhttps://github.com/rest-client/rest-client
- WEBhttp://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html
- WEBhttps://github.com/rest-client/rest-client/issues/349
- WEBhttps://web.archive.org/web/20200228154247/http://www.securityfocus.com/bid/74415