{"id":"UBUNTU-CVE-2015-3448","details":"REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.","modified":"2025-07-16T07:32:56.153828Z","published":"2015-04-29T20:59:00Z","withdrawn":"2025-07-18T16:43:12Z","upstream":["CVE-2015-3448"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-3448"},{"type":"REPORT","url":"https://github.com/rest-client/rest-client/issues/349"},{"type":"REPORT","url":"http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-3448"}],"affected":[{"package":{"name":"ruby-rest-client","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/ruby-rest-client@1.8.0-2ubuntu1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.0-2ubuntu1"}]}],"versions":["1.6.7-6"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.8.0-2ubuntu1","binary_name":"ruby-rest-client"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3448.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}