CVE-2013-0284 – newrelic_rpm
Package
Manager: gem
Name: newrelic_rpm
Vulnerable Version: >=3.2.0 <3.5.3.24
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0025 (percentile 0.48211)
Details
newrelic_rpm Gem Discloses Sensitive Information
Ruby agent 3.2.0 through 3.5.3.23 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.
Metadata
Created: 2017-10-24T18:33:37Z
Modified: 2023-08-29T13:38:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-q6cw-2553-7837/GHSA-q6cw-2553-7837.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-q6cw-2553-7837
Finding: F038
Auto approve: 1