CVE-2016-10530
N/A
N/A
Summary
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | airbrake node module | <=0.3.8 | affected |
Weaknesses
- CWE-200: Information Disclosure (CWE-200)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.