airbrake

Insecure Default Configuration

Severity: moderate

Overview

Affected versions of airbrake default to sending environment variables over an unencrypted HTTP connection. An attacker with a privileged network position can capture and read these environment variables, which may leak sensitive information.

Remediation

Update to version 0.4.0 or later, or upgrade from the now-deprecated airbrake module to its replacement, airbrake-js.
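
To check whether a project still pulls in an affected release, the following added example (not part of the advisory or the airbrake project) scans a parsed package-lock.json for airbrake versions below 0.4.0, exempting 0.3.0-beta, which this advisory lists as unaffected. The sample lockfile and the `legacy-logger` package name are constructed for illustration.

```javascript
// Added example: flag airbrake releases below 0.4.0 in a parsed package-lock.json.
const FIXED = [0, 4, 0];                            // first fixed release per the advisory
const LISTED_UNAFFECTED = new Set(['0.3.0-beta']);  // pre-0.4.0 version the advisory exempts

function isVulnerable(version) {
  if (LISTED_UNAFFECTED.has(version)) return false;
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return true;                              // unparseable (git URL, missing): flag for review
  const v = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false;                                     // exactly 0.4.0
}

function findAirbrake(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/airbrake' || path.endsWith('/node_modules/airbrake')) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree. Skipped when "packages"
  // exists, because v2 lockfiles carry both and would report duplicates.
  (function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + name;
      if (name === 'airbrake') hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + '/');
    }
  })(lock.packages ? null : lock.dependencies, '');
  return hits.map((h) => ({ ...h, vulnerable: isVulnerable(h.version) }));
}

// Constructed sample lockfile: one fixed top-level copy, one vulnerable nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/airbrake': { version: '2.1.1' },
    'node_modules/legacy-logger/node_modules/airbrake': { version: '0.3.8' },
  },
};

for (const hit of findAirbrake(sampleLock)) {
  console.log(`${hit.vulnerable ? 'VULNERABLE' : 'ok'}  ${hit.version}  ${hit.path}`);
}
```

In a real project, pass the result of `JSON.parse` on the project's package-lock.json to `findAirbrake`; nested copies brought in by other dependencies are reported alongside the top-level one.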

Vulnerable versions

0.0.0    7 years ago
0.0.1    7 years ago
0.0.2    7 years ago
0.0.3    7 years ago
0.0.4    7 years ago
0.0.5    7 years ago
0.0.6    7 years ago
0.0.7    7 years ago
0.0.8    7 years ago
0.0.9    7 years ago
0.1.0    7 years ago
0.1.1    7 years ago
0.2.0    7 years ago
0.2.1    7 years ago
0.2.2    7 years ago
0.2.3    7 years ago
0.2.4    7 years ago
0.2.5    6 years ago
0.2.6    6 years ago
0.2.7    6 years ago
0.2.8    6 years ago
0.2.9    6 years ago
0.3.0    5 years ago
0.3.1    5 years ago
0.3.2    5 years ago
0.3.4    5 years ago
0.3.5    5 years ago
0.3.8    5 years ago

Unaffected versions

0.3.0-beta    5 years ago
0.4.0         2 years ago
0.4.1         2 years ago
1.0.0         2 years ago
1.0.1         2 years ago
1.0.2         2 years ago
1.0.3         2 years ago
1.1.0         2 years ago
1.2.0         2 years ago
1.2.1         2 years ago
1.2.2         a year ago
1.3.0         a year ago
2.0.0         a year ago
2.0.1         a year ago
2.1.0         a year ago
2.1.1         a year ago

Advisory timeline

  1. Published
     Advisory published
     Mar 28th, 2016
  2. Reported
     Initial report by Phil Schleihauf
     Mar 28th, 2016