rest-client allows local users to obtain sensitive information by reading the log · CVE-2015-3448 · GitHub Advisory Database · GitHub

rest-client allows local users to obtain sensitive information by reading the log

Low severity GitHub Reviewed Published Oct 24, 2017 to the GitHub Advisory Database • Updated Jan 23, 2023

Package

rest-client (RubyGems)

Affected versions

< 1.7.3

Patched versions

1.7.3

Description

REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.

References

Published to the GitHub Advisory Database Oct 24, 2017

Reviewed Jun 16, 2020

Last updated Jan 23, 2023