Description
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
Mitigation
The permissions on log files can be changed, e.g. using "chmod o-rwx", to prevent anyone but the user and group owner of the file from reading it. The group permissions can also be removed, e.g. with "chmod g-rwx", if only the user owning the file should be able to see it.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenStack Foreman | ruby193-rubygem-rest-client | Affected | ||
| OpenStack Foreman | rubygem-rest-client | Affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | ruby193-rubygem-rest-client | Affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | rubygem-rest-client | Affected | ||
| Red Hat Enterprise MRG 2 | rubygem-rest-client | Affected | ||
| Red Hat OpenShift Enterprise 2 | ruby193-rubygem-rest-client | Affected | ||
| Red Hat Subscription Asset Manager | ruby193-rubygem-rest-client | Affected | ||
| Red Hat Subscription Asset Manager | rubygem-rest-client | Affected | ||
| CloudForms Management Engine 5.4 | cfme | Fixed | RHBA-2015:1100 | 16.06.2015 |
| CloudForms Management Engine 5.4 | cfme-gemset | Fixed | RHBA-2015:1100 | 16.06.2015 |
Additional information
Status:
EPSS
2.1 Low
CVSS2
Related vulnerabilities
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and ...
rest-client allows local users to obtain sensitive information by reading the log