Vulnerability Details CVE-2019-16060
The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
Products affected by CVE-2019-16060
-
cpe:2.3:a:airbrake:airbrake_ruby:4.2.3