CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
55.9%
The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).
Vendor | Product | Version | CPE |
---|---|---|---|
airbrake | airbrake_ruby | 4.2.3 | cpe:2.3:a:airbrake:airbrake_ruby:4.2.3:*:*:*:*:*:*:* |
github.com/advisories/GHSA-2p82-v77v-mppr
github.com/airbrake/airbrake-ruby/issues/468
github.com/airbrake/airbrake-ruby/pull/469/commits/d29925e7838031bf7dea7016b22de52532503796
github.com/rubysec/ruby-advisory-db/blob/master/gems/airbrake-ruby/CVE-2019-16060.yml
nvd.nist.gov/vuln/detail/CVE-2019-16060
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
55.9%