6 matches found
airbrake module information disclosure vulnerability
The airbrake module is an exception report notification program for use in Node.js. A security vulnerability exists in airbrake module version 0.3.8 and earlier, which stems from the program defaulting to sending environment variables with sensitive values over the HTTP protocol. An attacker can...
CVE-2016-10530
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...
CVE-2016-10530
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...
Hardcoded credentials
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...
CVE-2016-10530
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...
CVE-2016-10530
The CVE-2016-10530 issue affects the airbrake Node.js module (versions ≤ 0.3.8). It defaults to sending environment variables over HTTP, exposing secrets on privileged networks. This is explicitly described in multiple Connected sources (Airbrake node advisory and CVE records). Impact is exposure...