CVE-2022-2815: 
Ruby vulnerability analysis and mitigation

Insecure Storage of Sensitive Information vulnerability was discovered in GitHub repository publify/publify versions prior to 9.2.10. The vulnerability was assigned CVE-2022-2815 and was disclosed on January 14, 2023. The issue affects the publify project's handling of sensitive information in their repository (NVD).

The vulnerability has been assigned a CVSS v3 Base Score of 6.5 (Medium severity), with the following vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability is network accessible, requires low attack complexity, needs low privileges, requires no user interaction, has unchanged scope, and can impact confidentiality but not integrity or availability (AttackerKB).

The vulnerability could lead to unauthorized disclosure of sensitive information stored in the GitHub repository. The impact is primarily focused on confidentiality, with potential exposure of sensitive data that should have been properly secured (NVD).

The vulnerability has been fixed in publify version 9.2.10. Users should upgrade to this version or later to mitigate the risk. The fix includes improvements to secure storage handling of sensitive information (GitHub Commit).