Airbrake Ruby Notifier 4.2.3 Vulnerability: Unauthorized Disclosure of Passwords

CVE-2019-16060 · MEDIUM Severity

AV:N/AC:L/Au:N/C:P/I:N/A:N

The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).
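
Because only one release is affected, a lockfile check settles exposure quickly. The following is an added example, not part of the advisory or of Airbrake's code: it parses Gemfile.lock text for the resolved `airbrake-ruby` gem and flags 4.2.3. The sample lockfile and the helper names are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

AFFECTED = Gem::Version.new("4.2.3") # the only release the advisory lists as affected
FIXED    = Gem::Version.new("4.2.4") # release the advisory names as fixed

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      airbrake (9.4.3)
        airbrake-ruby (~> 4.2.3)
      airbrake-ruby (4.2.3)
        rbtree3 (~> 0.5)
LOCK

# Resolved airbrake-ruby versions in Gemfile.lock text. Resolved specs sit at
# four spaces of indent; six-space lines are dependency constraints and are
# skipped. A platform suffix such as "-java" is dropped before comparison.
def airbrake_ruby_versions(lock_text)
  lock_text.each_line.map { |line|
    m = line.match(/\A {4}airbrake-ruby \(([0-9A-Za-z.]+)(?:-[^)]+)?\)\s*\z/)
    Gem::Version.new(m[1]) if m
  }.compact.uniq
end

# :affected if any resolved copy is 4.2.3, :not_affected for any other
# resolved release, :not_present if the gem is not in the lockfile.
def cve_2019_16060_status(lock_text)
  versions = airbrake_ruby_versions(lock_text)
  return :not_present if versions.empty?
  versions.include?(AFFECTED) ? :affected : :not_affected
end

def cve_2019_16060_report(lock_text)
  case cve_2019_16060_status(lock_text)
  when :affected     then "airbrake-ruby #{AFFECTED} resolved: upgrade to #{FIXED} or later"
  when :not_affected then "airbrake-ruby resolved to a release other than #{AFFECTED}"
  else                    "airbrake-ruby not found in lockfile"
  end
end

puts cve_2019_16060_report(SAMPLE_LOCK)
```

To check a real project, pass `File.read("Gemfile.lock")` to `cve_2019_16060_report`.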
