CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1744 vulnerabilities reference this CWE, most recent first.
GHSA-J72J-HJPX-V29V
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:11ProjectSend before r1070 writes user passwords to the server logs.
{
"affected": [],
"aliases": [
"CVE-2019-11492"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-26T21:29:00Z",
"severity": "HIGH"
},
"details": "ProjectSend before r1070 writes user passwords to the server logs.",
"id": "GHSA-j72j-hjpx-v29v",
"modified": "2024-04-04T00:11:29Z",
"published": "2022-05-24T16:44:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11492"
},
{
"type": "WEB",
"url": "https://www.projectsend.org/change-log"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J7CV-VCX2-4X46
Vulnerability from github – Published: 2023-08-16 15:30 – Updated: 2024-04-04 06:59Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2023-32491"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-16T14:15:11Z",
"severity": "MODERATE"
},
"details": "\nDell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.\n\n",
"id": "GHSA-j7cv-vcx2-4x46",
"modified": "2024-04-04T06:59:43Z",
"published": "2023-08-16T15:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32491"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-J86X-FWP2-QH7V
Vulnerability from github – Published: 2026-04-13 15:31 – Updated: 2026-06-05 14:28Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow's intentions and security model of Airflow did not suggest different assumptions. The overall security model, workload isolation, and JWT authentication details are now described in more detail. Users concerned with role isolation and following the Airflow security model of Airflow are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. It also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. This had also been communicated via Airflow 3.2.0 Blog announcement.
Users are recommended to upgrade to version 3.2.0, which fixes this issue.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-airflow"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66236"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-14T23:16:51Z",
"nvd_published_at": "2026-04-13T15:17:05Z",
"severity": "MODERATE"
},
"details": "Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow\u0027s intentions and security model of Airflow did not suggest different assumptions. The overall security model, workload isolation, and JWT authentication details are now described in more detail. Users concerned with role isolation and following the Airflow security model of Airflow are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. It also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. This had also been communicated via Airflow 3.2.0 Blog announcement.\n\nUsers are recommended to upgrade to version 3.2.0, which fixes this issue.",
"id": "GHSA-j86x-fwp2-qh7v",
"modified": "2026-06-05T14:28:31Z",
"published": "2026-04-13T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66236"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull/58662"
},
{
"type": "WEB",
"url": "https://airflow.apache.org/blog/airflow-3.2.0"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-8.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/g8fyy1tkmxkkfk7tx2v6h8mvwzpyykbo"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/13/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI"
}
GHSA-J873-WCR3-6M2P
Vulnerability from github – Published: 2025-07-20 21:31 – Updated: 2025-07-20 21:31An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose logging that includes credentials).
{
"affected": [],
"aliases": [
"CVE-2025-54319"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-20T21:15:23Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose logging that includes credentials).",
"id": "GHSA-j873-wcr3-6m2p",
"modified": "2025-07-20T21:31:17Z",
"published": "2025-07-20T21:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54319"
},
{
"type": "WEB",
"url": "https://www.westermo.com/-/media/Files/Cyber-security/westermo_sa_25-08_sensitive_information_in_logging.pdf?rev=40c4e78bd1524f639a89cd1b005e0f23\u0026hash=64987A18FFECA633F23DB11FE5EAFA9A"
},
{
"type": "WEB",
"url": "https://www.westermo.com/uk/support/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J8H4-W7CF-HCH5
Vulnerability from github – Published: 2023-05-04 21:30 – Updated: 2024-04-04 03:49Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.
{
"affected": [],
"aliases": [
"CVE-2023-31413"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-04T21:15:11Z",
"severity": "LOW"
},
"details": "Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.",
"id": "GHSA-j8h4-w7cf-hch5",
"modified": "2024-04-04T03:49:15Z",
"published": "2023-05-04T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31413"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/elastic-stack-8-7-0-7-17-10-security-updates/332327"
},
{
"type": "WEB",
"url": "https://www.elastic.co/community/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J8W4-G6QH-7PQ3
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-05-27 15:33IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
{
"affected": [],
"aliases": [
"CVE-2026-5515"
],
"database_specific": {
"cwe_ids": [
"CWE-532",
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:34Z",
"severity": "MODERATE"
},
"details": "IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.",
"id": "GHSA-j8w4-g6qh-7pq3",
"modified": "2026-05-27T15:33:24Z",
"published": "2026-05-27T15:33:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5515"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7272270"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JCPQ-36RP-CXXV
Vulnerability from github – Published: 2022-06-08 00:00 – Updated: 2022-06-14 00:00Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.
{
"affected": [],
"aliases": [
"CVE-2022-30741"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-07T19:15:00Z",
"severity": "LOW"
},
"details": "Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.",
"id": "GHSA-jcpq-36rp-cxxv",
"modified": "2022-06-14T00:00:26Z",
"published": "2022-06-08T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30741"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JF4F-RR2C-9M58
Vulnerability from github – Published: 2026-04-14 22:33 – Updated: 2026-05-14 20:51Impact
When SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside DatastoreConfig.URI.
Patches
v1.51.1
Workarounds
Change the log level to warn or error.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.51.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/authzed/spicedb"
},
"ranges": [
{
"events": [
{
"introduced": "1.49.0"
},
{
"fixed": "1.51.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40091"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-14T22:33:06Z",
"nvd_published_at": "2026-04-15T04:17:46Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen SpiceDB starts with log level `info`, the startup `\"configuration\"` log will include the full datastore DSN, including the plaintext password, inside `DatastoreConfig.URI`.\n\n### Patches\nv1.51.1\n\n### Workarounds\nChange the log level to `warn` or `error`.",
"id": "GHSA-jf4f-rr2c-9m58",
"modified": "2026-05-14T20:51:27Z",
"published": "2026-04-14T22:33:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-jf4f-rr2c-9m58"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40091"
},
{
"type": "PACKAGE",
"url": "https://github.com/authzed/spicedb"
},
{
"type": "WEB",
"url": "https://github.com/authzed/spicedb/releases/tag/v1.51.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "SpiceDB\u0027s SPICEDB_DATASTORE_CONN_URI is leaked on startup logs"
}
GHSA-JF75-P25M-PW74
Vulnerability from github – Published: 2025-12-03 16:28 – Updated: 2025-12-04 16:22Summary
Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized
Details
By default Workspace Agent logs are redirected to stderr https://github.com/coder/coder/blob/a8862be546f347c59201e2219d917e28121c0edb/cli/agent.go#L432-L439
Workspace Agent Manifests containing sensitive environment variables were logged insecurely https://github.com/coder/coder/blob/7beb95fd56d2f790502e236b64906f8eefb969bd/agent/agent.go#L1090
An attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system (SIEM, logging stack) could access those logs
This behavior opened room for unauthorized access and privilege escalation
Impact
Impact varies depending on the environment variables set in a given workspace
Patches
Fix was released & backported: - https://github.com/coder/coder/releases/tag/v2.28.4 - https://github.com/coder/coder/releases/tag/v2.27.7 - https://github.com/coder/coder/releases/tag/v2.26.5
Workarounds
One potential workaround is to disable Workspace Agent Logs by setting following configuration option
CODER_AGENT_LOGGING_HUMAN=/dev/null
platform operators are advised to upgrade their deployments
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/coder/coder/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.26.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/coder/coder/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.27.0"
},
{
"fixed": "2.27.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/coder/coder/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.28.0"
},
{
"fixed": "2.28.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66411"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-03T16:28:36Z",
"nvd_published_at": "2025-12-03T20:16:26Z",
"severity": "HIGH"
},
"details": "## Summary\nWorkspace Agent manifests containing sensitive values were logged in plaintext unsanitized\n\n## Details\nBy default Workspace Agent logs are redirected to [stderr](https://linux.die.net/man/3/stderr)\nhttps://github.com/coder/coder/blob/a8862be546f347c59201e2219d917e28121c0edb/cli/agent.go#L432-L439\n\n[Workspace Agent Manifests](https://coder.com/docs/reference/agent-api/schemas#agentsdkmanifest) containing sensitive environment variables were logged insecurely\nhttps://github.com/coder/coder/blob/7beb95fd56d2f790502e236b64906f8eefb969bd/agent/agent.go#L1090\n\nAn attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system ([SIEM](https://csrc.nist.gov/glossary/term/security_information_and_event_management_tool), logging stack) could access those logs\n\nThis behavior opened room for unauthorized access and privilege escalation\n\n## Impact\nImpact varies depending on the environment variables set in a given workspace\n\n## Patches\n[Fix](https://github.com/coder/coder/commit/e2a46393fce40bc630df3293c1ee66a596277289) was released \u0026 backported:\n- https://github.com/coder/coder/releases/tag/v2.28.4\n- https://github.com/coder/coder/releases/tag/v2.27.7\n- https://github.com/coder/coder/releases/tag/v2.26.5\n\n## Workarounds\nOne potential workaround is to disable Workspace Agent Logs by setting following configuration option\n`CODER_AGENT_LOGGING_HUMAN=/dev/null` \n\u003e platform operators are advised to upgrade their deployments",
"id": "GHSA-jf75-p25m-pw74",
"modified": "2025-12-04T16:22:37Z",
"published": "2025-12-03T16:28:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/coder/coder/security/advisories/GHSA-jf75-p25m-pw74"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66411"
},
{
"type": "WEB",
"url": "https://github.com/coder/coder/pull/20968"
},
{
"type": "WEB",
"url": "https://github.com/coder/coder/commit/06c6abbe0935f9213c1588add60a396da5762e1c"
},
{
"type": "WEB",
"url": "https://github.com/coder/coder/commit/a75205a559211c8aa494b1a16750d114b263f24a"
},
{
"type": "WEB",
"url": "https://github.com/coder/coder/commit/e2a46393fce40bc630df3293c1ee66a596277289"
},
{
"type": "PACKAGE",
"url": "https://github.com/coder/coder"
},
{
"type": "WEB",
"url": "https://github.com/coder/coder/releases/tag/v2.26.5"
},
{
"type": "WEB",
"url": "https://github.com/coder/coder/releases/tag/v2.27.7"
},
{
"type": "WEB",
"url": "https://github.com/coder/coder/releases/tag/v2.28.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Coder logs sensitive objects unsanitized"
}
GHSA-JFX2-4JJ8-X2WJ
Vulnerability from github – Published: 2025-01-25 15:30 – Updated: 2025-08-13 18:31IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.
{
"affected": [],
"aliases": [
"CVE-2023-38271"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-25T14:15:28Z",
"severity": "MODERATE"
},
"details": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could allow an authenticated user to obtain sensitive information from log files.",
"id": "GHSA-jfx2-4jj8-x2wj",
"modified": "2025-08-13T18:31:11Z",
"published": "2025-01-25T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38271"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7159533"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.