Insecure Default Configurationairbrake
Affected versions of
airbrake default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive information.
Update to version 0.4.0 or later, or upgrade from the now-deprecated
airbrake module to its replacement,
publishedAdvisory publishedMar 28th, 2016
reportedInitial report by Phil SchleihaufMar 28th, 2016