CVE-2015-3448

Published: Apr 29, 2015Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.

Affected (1)

Products: Rest Client Project: Rest Client

Rest Client Project

1 product

Rest Client

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rest Client Project Rest Client	Up to 1.7.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html

Source: cve@mitre.org

http://www.osvdb.org/117461

Source: cve@mitre.org

http://www.securityfocus.com/bid/74415

Source: cve@mitre.org

https://github.com/rest-client/rest-client/issues/349

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/117461

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/74415

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/rest-client/rest-client/issues/349

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.