Low severityNVD Advisory· Published Apr 29, 2015· Updated May 6, 2026
CVE-2015-3448
CVE-2015-3448
Description
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rest-clientRubyGems | < 1.7.3 | 1.7.3 |
Affected products
1- cpe:2.3:a:rest-client_project:rest-client:*:*:*:*:*:ruby:*:*Range: <=1.7.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-mx9f-w8qq-q5jfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-3448ghsaADVISORY
- lists.opensuse.org/opensuse-updates/2015-04/msg00026.htmlnvdWEB
- github.com/rest-client/rest-client/issues/349nvdWEB
- web.archive.org/web/20200228154247/http://www.securityfocus.com/bid/74415ghsaWEB
- www.osvdb.org/117461nvd
- www.securityfocus.com/bid/74415nvd
News mentions
0No linked articles in our index yet.