CVE-2015-3448

medium

Description

REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.

References

https://github.com/rest-client/rest-client/issues/349

http://www.securityfocus.com/bid/74415

http://www.osvdb.org/117461

http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html

Details

Source: Mitre, NVD

Published: 2015-04-29

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium