यह पृष्ठ अभी तक आपकी भाषा में अनुवादित नहीं हुआ है। हम इस पर काम कर रहे हैं, तब तक अंग्रेज़ी में सामग्री दिखाई जा रही है।
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2015-3448: Information Disclosure in Ruby Rest-Client
प्लेटफ़ॉर्म
ruby
घटक
rest-client
में ठीक किया गया
1.7.3
CVE-2015-3448 affects the Ruby rest-client library, specifically versions up to 1.7.2.rc1. This vulnerability results in the logging of usernames and passwords, potentially exposing sensitive credentials to local users who can access the application's log files. The vulnerability was published in 2017 and a fix is available in version 1.7.3.
इस CVE को अपने प्रोजेक्ट में पहचानें
अपनी Gemfile.lock फ़ाइल अपलोड करें और तुरंत जानें कि आप प्रभावित हैं या नहीं।
प्रभाव और हमले की स्थितियाँअनुवाद हो रहा है…
The primary impact of CVE-2015-3448 is the exposure of sensitive credentials. An attacker with local access to the system and the ability to read log files can potentially obtain usernames and passwords used by the application. This could lead to unauthorized access to the application itself or to other systems if the same credentials are reused. While the CVSS score is LOW, the potential for credential theft makes this a significant concern, especially in environments where sensitive data is handled.
शोषण संदर्भअनुवाद हो रहा है…
CVE-2015-3448 is not currently listed on KEV or EPSS. The LOW CVSS score suggests a low probability of active exploitation. Public proof-of-concept (POC) code may exist, but there are no reports of widespread exploitation campaigns targeting this vulnerability. The vulnerability was initially reported and addressed several years ago, reducing the likelihood of ongoing exploitation.
खतरा खुफिया
एक्सप्लॉइट स्थिति
EPSS
0.07% (20% शतमक)
प्रभावित सॉफ्टवेयर
समयरेखा
- प्रकाशित
- संशोधित
- EPSS अद्यतन
शमन और वर्कअराउंडअनुवाद हो रहा है…
The recommended mitigation for CVE-2015-3448 is to upgrade to rest-client version 1.7.3 or later. If upgrading is not immediately feasible, consider restricting access to the application's log files to authorized personnel only. Implement a robust logging policy that avoids logging sensitive information like usernames and passwords. Review existing log files for any exposed credentials and rotate them immediately. After upgrading, verify the fix by attempting to trigger a request that would have previously logged credentials and confirming that no sensitive data is now present in the logs.
कैसे ठीक करेंअनुवाद हो रहा है…
कोई आधिकारिक पैच उपलब्ध नहीं है। वैकल्पिक समाधान खोजें या अपडेट की निगरानी करें।
अक्सर पूछे जाने वाले सवालअनुवाद हो रहा है…
What is CVE-2015-3448 — Information Disclosure in Ruby Rest-Client?
CVE-2015-3448 is a vulnerability in Ruby rest-client versions up to 1.7.2.rc1 that allows local users to read usernames and passwords from log files, potentially exposing sensitive credentials.
Am I affected by CVE-2015-3448 in Ruby Rest-Client?
You are affected if your application uses rest-client version 1.7.2.rc1 or earlier. Check your gem dependencies to determine if you are using a vulnerable version.
How do I fix CVE-2015-3448 in Ruby Rest-Client?
Upgrade to rest-client version 1.7.3 or later. This resolves the logging of sensitive information. Also, review your logging practices to avoid logging credentials.
Is CVE-2015-3448 being actively exploited?
There are no current reports of widespread exploitation campaigns targeting CVE-2015-3448, but the potential for credential theft remains a concern.
Where can I find the official Ruby Rest-Client advisory for CVE-2015-3448?
Refer to the rest-client gem's release notes and RubyGems.org for information related to this vulnerability: https://rubygems.org/gems/rest-client/versions/1.7.3
क्या आपका प्रोजेक्ट प्रभावित है?
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।
इस CVE को अपने प्रोजेक्ट में पहचानें
अपनी Gemfile.lock फ़ाइल अपलोड करें और तुरंत जानें कि आप प्रभावित हैं या नहीं।
अपने Ruby प्रोजेक्ट को अभी स्कैन करें — कोई खाता नहीं
Upload your Gemfile.lock and get the vulnerability report instantly. No account. Uploading the file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.
अपनी डिपेंडेंसी फ़ाइल ड्रैग और ड्रॉप करें
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...