Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1744 vulnerabilities reference this CWE, most recent first.

GHSA-J72J-HJPX-V29V

Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:11
VLAI
Details

ProjectSend before r1070 writes user passwords to the server logs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11492"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-26T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "ProjectSend before r1070 writes user passwords to the server logs.",
  "id": "GHSA-j72j-hjpx-v29v",
  "modified": "2024-04-04T00:11:29Z",
  "published": "2022-05-24T16:44:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11492"
    },
    {
      "type": "WEB",
      "url": "https://www.projectsend.org/change-log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J7CV-VCX2-4X46

Vulnerability from github – Published: 2023-08-16 15:30 – Updated: 2024-04-04 06:59
VLAI
Details

Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32491"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-16T14:15:11Z",
    "severity": "MODERATE"
  },
  "details": "\nDell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.\n\n",
  "id": "GHSA-j7cv-vcx2-4x46",
  "modified": "2024-04-04T06:59:43Z",
  "published": "2023-08-16T15:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32491"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J86X-FWP2-QH7V

Vulnerability from github – Published: 2026-04-13 15:31 – Updated: 2026-06-05 14:28
VLAI
Summary
Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI
Details

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow's intentions and security model of Airflow did not suggest different assumptions. The overall security model, workload isolation, and JWT authentication details are now described in more detail. Users concerned with role isolation and following the Airflow security model of Airflow are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. It also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. This had also been communicated via Airflow 3.2.0 Blog announcement.

Users are recommended to upgrade to version 3.2.0, which fixes this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-14T23:16:51Z",
    "nvd_published_at": "2026-04-13T15:17:05Z",
    "severity": "MODERATE"
  },
  "details": "Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow\u0027s intentions and security model of Airflow did not suggest different assumptions. The overall security model, workload isolation, and JWT authentication details are now described in more detail. Users concerned with role isolation and following the Airflow security model of Airflow are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. It also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. This had also been communicated via Airflow 3.2.0 Blog announcement.\n\nUsers are recommended to upgrade to version 3.2.0, which fixes this issue.",
  "id": "GHSA-j86x-fwp2-qh7v",
  "modified": "2026-06-05T14:28:31Z",
  "published": "2026-04-13T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66236"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/58662"
    },
    {
      "type": "WEB",
      "url": "https://airflow.apache.org/blog/airflow-3.2.0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-8.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/g8fyy1tkmxkkfk7tx2v6h8mvwzpyykbo"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/13/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI"
}

GHSA-J873-WCR3-6M2P

Vulnerability from github – Published: 2025-07-20 21:31 – Updated: 2025-07-20 21:31
VLAI
Details

An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose logging that includes credentials).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-20T21:15:23Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose logging that includes credentials).",
  "id": "GHSA-j873-wcr3-6m2p",
  "modified": "2025-07-20T21:31:17Z",
  "published": "2025-07-20T21:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54319"
    },
    {
      "type": "WEB",
      "url": "https://www.westermo.com/-/media/Files/Cyber-security/westermo_sa_25-08_sensitive_information_in_logging.pdf?rev=40c4e78bd1524f639a89cd1b005e0f23\u0026hash=64987A18FFECA633F23DB11FE5EAFA9A"
    },
    {
      "type": "WEB",
      "url": "https://www.westermo.com/uk/support/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8H4-W7CF-HCH5

Vulnerability from github – Published: 2023-05-04 21:30 – Updated: 2024-04-04 03:49
VLAI
Details

Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31413"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-04T21:15:11Z",
    "severity": "LOW"
  },
  "details": "Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.",
  "id": "GHSA-j8h4-w7cf-hch5",
  "modified": "2024-04-04T03:49:15Z",
  "published": "2023-05-04T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31413"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/elastic-stack-8-7-0-7-17-10-security-updates/332327"
    },
    {
      "type": "WEB",
      "url": "https://www.elastic.co/community/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8W4-G6QH-7PQ3

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-05-27 15:33
VLAI
Details

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5515"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532",
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:34Z",
    "severity": "MODERATE"
  },
  "details": "IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.",
  "id": "GHSA-j8w4-g6qh-7pq3",
  "modified": "2026-05-27T15:33:24Z",
  "published": "2026-05-27T15:33:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5515"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7272270"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JCPQ-36RP-CXXV

Vulnerability from github – Published: 2022-06-08 00:00 – Updated: 2022-06-14 00:00
VLAI
Details

Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30741"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-07T19:15:00Z",
    "severity": "LOW"
  },
  "details": "Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.",
  "id": "GHSA-jcpq-36rp-cxxv",
  "modified": "2022-06-14T00:00:26Z",
  "published": "2022-06-08T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30741"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JF4F-RR2C-9M58

Vulnerability from github – Published: 2026-04-14 22:33 – Updated: 2026-05-14 20:51
VLAI
Summary
SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs
Details

Impact

When SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside DatastoreConfig.URI.

Patches

v1.51.1

Workarounds

Change the log level to warn or error.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.51.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/authzed/spicedb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.49.0"
            },
            {
              "fixed": "1.51.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-14T22:33:06Z",
    "nvd_published_at": "2026-04-15T04:17:46Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nWhen SpiceDB starts with log level `info`, the startup `\"configuration\"` log will include the full datastore DSN, including the plaintext password, inside `DatastoreConfig.URI`.\n\n### Patches\nv1.51.1\n\n### Workarounds\nChange the log level to `warn` or `error`.",
  "id": "GHSA-jf4f-rr2c-9m58",
  "modified": "2026-05-14T20:51:27Z",
  "published": "2026-04-14T22:33:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/authzed/spicedb/security/advisories/GHSA-jf4f-rr2c-9m58"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40091"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/authzed/spicedb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/authzed/spicedb/releases/tag/v1.51.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SpiceDB\u0027s SPICEDB_DATASTORE_CONN_URI is leaked on startup logs"
}

GHSA-JF75-P25M-PW74

Vulnerability from github – Published: 2025-12-03 16:28 – Updated: 2025-12-04 16:22
VLAI
Summary
Coder logs sensitive objects unsanitized
Details

Summary

Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized

Details

By default Workspace Agent logs are redirected to stderr https://github.com/coder/coder/blob/a8862be546f347c59201e2219d917e28121c0edb/cli/agent.go#L432-L439

Workspace Agent Manifests containing sensitive environment variables were logged insecurely https://github.com/coder/coder/blob/7beb95fd56d2f790502e236b64906f8eefb969bd/agent/agent.go#L1090

An attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system (SIEM, logging stack) could access those logs

This behavior opened room for unauthorized access and privilege escalation

Impact

Impact varies depending on the environment variables set in a given workspace

Patches

Fix was released & backported: - https://github.com/coder/coder/releases/tag/v2.28.4 - https://github.com/coder/coder/releases/tag/v2.27.7 - https://github.com/coder/coder/releases/tag/v2.26.5

Workarounds

One potential workaround is to disable Workspace Agent Logs by setting following configuration option CODER_AGENT_LOGGING_HUMAN=/dev/null

platform operators are advised to upgrade their deployments

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/coder/coder/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.26.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/coder/coder/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.27.0"
            },
            {
              "fixed": "2.27.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/coder/coder/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.28.0"
            },
            {
              "fixed": "2.28.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66411"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-03T16:28:36Z",
    "nvd_published_at": "2025-12-03T20:16:26Z",
    "severity": "HIGH"
  },
  "details": "## Summary\nWorkspace Agent manifests containing sensitive values were logged in plaintext unsanitized\n\n## Details\nBy default Workspace Agent logs are redirected to [stderr](https://linux.die.net/man/3/stderr)\nhttps://github.com/coder/coder/blob/a8862be546f347c59201e2219d917e28121c0edb/cli/agent.go#L432-L439\n\n[Workspace Agent Manifests](https://coder.com/docs/reference/agent-api/schemas#agentsdkmanifest) containing sensitive environment variables were logged insecurely\nhttps://github.com/coder/coder/blob/7beb95fd56d2f790502e236b64906f8eefb969bd/agent/agent.go#L1090\n\nAn attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system ([SIEM](https://csrc.nist.gov/glossary/term/security_information_and_event_management_tool), logging stack) could access those logs\n\nThis behavior opened room for unauthorized access and privilege escalation\n\n## Impact\nImpact varies depending on the environment variables set in a given workspace\n\n## Patches\n[Fix](https://github.com/coder/coder/commit/e2a46393fce40bc630df3293c1ee66a596277289) was released \u0026 backported:\n- https://github.com/coder/coder/releases/tag/v2.28.4\n- https://github.com/coder/coder/releases/tag/v2.27.7\n- https://github.com/coder/coder/releases/tag/v2.26.5\n\n## Workarounds\nOne potential workaround is to disable Workspace Agent Logs by setting following configuration option\n`CODER_AGENT_LOGGING_HUMAN=/dev/null` \n\u003e platform operators are advised to upgrade their deployments",
  "id": "GHSA-jf75-p25m-pw74",
  "modified": "2025-12-04T16:22:37Z",
  "published": "2025-12-03T16:28:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/coder/coder/security/advisories/GHSA-jf75-p25m-pw74"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66411"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coder/coder/pull/20968"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coder/coder/commit/06c6abbe0935f9213c1588add60a396da5762e1c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coder/coder/commit/a75205a559211c8aa494b1a16750d114b263f24a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coder/coder/commit/e2a46393fce40bc630df3293c1ee66a596277289"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/coder/coder"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coder/coder/releases/tag/v2.26.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coder/coder/releases/tag/v2.27.7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coder/coder/releases/tag/v2.28.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Coder logs sensitive objects unsanitized"
}

GHSA-JFX2-4JJ8-X2WJ

Vulnerability from github – Published: 2025-01-25 15:30 – Updated: 2025-08-13 18:31
VLAI
Details

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38271"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-25T14:15:28Z",
    "severity": "MODERATE"
  },
  "details": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could allow an authenticated user to obtain sensitive information from log files.",
  "id": "GHSA-jfx2-4jj8-x2wj",
  "modified": "2025-08-13T18:31:11Z",
  "published": "2025-01-25T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38271"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7159533"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.