Vulnerability Details CVE-2016-10530
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables often contain secret keys and other sensitive values. A malicious user on the same network as a regular user could intercept all the secret keys that user is sending. This goes against common best practice, which is to use HTTPS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.2%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
Products affected by CVE-2016-10530
- cpe:2.3:a:airbrake:airbrake:0.0.1
- cpe:2.3:a:airbrake:airbrake:0.0.2
- cpe:2.3:a:airbrake:airbrake:0.0.3
- cpe:2.3:a:airbrake:airbrake:0.0.4
- cpe:2.3:a:airbrake:airbrake:0.0.5
- cpe:2.3:a:airbrake:airbrake:0.0.6
- cpe:2.3:a:airbrake:airbrake:0.0.7
- cpe:2.3:a:airbrake:airbrake:0.0.8
- cpe:2.3:a:airbrake:airbrake:0.0.9
- cpe:2.3:a:airbrake:airbrake:0.1.0
- cpe:2.3:a:airbrake:airbrake:0.1.1
- cpe:2.3:a:airbrake:airbrake:0.2.0
- cpe:2.3:a:airbrake:airbrake:0.2.1
- cpe:2.3:a:airbrake:airbrake:0.2.2
- cpe:2.3:a:airbrake:airbrake:0.2.3
- cpe:2.3:a:airbrake:airbrake:0.2.4
- cpe:2.3:a:airbrake:airbrake:0.2.5
- cpe:2.3:a:airbrake:airbrake:0.2.6
- cpe:2.3:a:airbrake:airbrake:0.2.7
- cpe:2.3:a:airbrake:airbrake:0.2.8
- cpe:2.3:a:airbrake:airbrake:0.2.9
- cpe:2.3:a:airbrake:airbrake:0.3.8