PT-2018-4710 · Airbrake · Airbrake

Published: 2018-05-31 · Updated: 2019-10-09 · CVE-2016-10530

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: airbrake versions 0.3.8 and earlier

Description: The airbrake module sends environment variables over HTTP by default. An attacker with a privileged network position, such as a malicious user on the same network, can intercept this traffic and read the environment variables, exposing secret keys and other sensitive values. Sending this data unencrypted goes against the common best practice of using HTTPS.

Recommendations: Update to version 0.4.0 or later. As an alternative, upgrade from the now-deprecated airbrake module to its replacement.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2016-10530
GHSA-856X-CP3Q-47VG

Affected Products

Airbrake