rest-client allows local users to obtain sensitive information by reading the log

2017-10-2418:33:36

Google

osv.dev

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.4%

JSON

REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.

CPENameOperatorVersion
rest-clienteq1.5.0
rest-clienteq1.6.3
rest-clienteq0.2
rest-clienteq1.4.0.a
rest-clienteq1.4.0
rest-clienteq0.3
rest-clienteq0.5.1
rest-clienteq1.6.0
rest-clienteq1.6.1
rest-clienteq0.7

Name	Operator	Version
rest-client	eq	1.5.0
rest-client	eq	1.6.3
rest-client	eq	0.2
rest-client	eq	1.4.0.a
rest-client	eq	1.4.0
rest-client	eq	0.3
rest-client	eq	0.5.1
rest-client	eq	1.6.0
rest-client	eq	1.6.1
rest-client	eq	0.7