CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1744 vulnerabilities reference this CWE, most recent first.
GHSA-JVH2-79V2-QM48
Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.
{
"affected": [],
"aliases": [
"CVE-2025-5463"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T15:15:32Z",
"severity": "MODERATE"
},
"details": "Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.",
"id": "GHSA-jvh2-79v2-qm48",
"modified": "2025-07-08T15:32:04Z",
"published": "2025-07-08T15:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5463"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JVMQ-F3VH-7H27
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.
{
"affected": [],
"aliases": [
"CVE-2018-15763"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-05T21:29:00Z",
"severity": "HIGH"
},
"details": "Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.",
"id": "GHSA-jvmq-f3vh-7h27",
"modified": "2022-05-13T01:34:07Z",
"published": "2022-05-13T01:34:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15763"
},
{
"type": "WEB",
"url": "https://pivotal.io/security/cve-2018-15763"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JW2V-66VP-9X24
Vulnerability from github – Published: 2022-01-18 00:00 – Updated: 2022-01-25 00:02In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.
{
"affected": [],
"aliases": [
"CVE-2022-22703"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-17T21:15:00Z",
"severity": "MODERATE"
},
"details": "In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.",
"id": "GHSA-jw2v-66vp-9x24",
"modified": "2022-01-25T00:02:40Z",
"published": "2022-01-18T00:00:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22703"
},
{
"type": "WEB",
"url": "https://advisories.stormshield.eu/2022-001"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JW3V-5CH2-WFMM
Vulnerability from github – Published: 2022-02-15 01:38 – Updated: 2023-07-13 22:11A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.wildfly:wildfly-parent"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "21.0.0.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-25640"
],
"database_specific": {
"cwe_ids": [
"CWE-209",
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-13T22:11:44Z",
"nvd_published_at": "2020-11-24T19:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.",
"id": "GHSA-jw3v-5ch2-wfmm",
"modified": "2023-07-13T22:11:44Z",
"published": "2022-02-15T01:38:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25640"
},
{
"type": "WEB",
"url": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20201210-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Wildfly logs plaintext passwords"
}
GHSA-JW6C-WQ8M-H8G9
Vulnerability from github – Published: 2024-04-19 06:30 – Updated: 2025-02-04 18:30When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.
{
"affected": [],
"aliases": [
"CVE-2024-29957"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-19T04:15:09Z",
"severity": "HIGH"
},
"details": "When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.",
"id": "GHSA-jw6c-wq8m-h8g9",
"modified": "2025-02-04T18:30:44Z",
"published": "2024-04-19T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29957"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23241"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JWCC-J78W-J73W
Vulnerability from github – Published: 2018-10-10 17:23 – Updated: 2024-11-18 16:26Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0a1"
},
{
"fixed": "2.5.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0.0"
},
{
"fixed": "2.4.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-10855"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:44:13Z",
"nvd_published_at": "2018-07-03T01:29:00Z",
"severity": "HIGH"
},
"details": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"id": "GHSA-jwcc-j78w-j73w",
"modified": "2024-11-18T16:26:08Z",
"published": "2018-10-10T17:23:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-jwcc-j78w-j73w"
},
{
"type": "PACKAGE",
"url": "https://github.com/ansible/ansible"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-42.yaml"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4072-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4396"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Ansible exposes sensitive data in log files and on the terminal"
}
GHSA-JWGX-9MMH-684W
Vulnerability from github – Published: 2019-06-13 20:02 – Updated: 2022-02-11 21:13A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.undertow:undertow-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.21"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-3888"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2019-06-13T20:02:23Z",
"nvd_published_at": "2019-06-12T14:29:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)",
"id": "GHSA-jwgx-9mmh-684w",
"modified": "2022-02-11T21:13:16Z",
"published": "2019-06-13T20:02:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2998"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220210-0019"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108739"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Credential exposure through log files in Undertow"
}
GHSA-JX2R-9QHF-J88M
Vulnerability from github – Published: 2022-05-17 05:08 – Updated: 2026-06-02 21:30The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files.
{
"affected": [],
"aliases": [
"CVE-2013-4733"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-06-30T19:28:00Z",
"severity": "HIGH"
},
"details": "The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files.",
"id": "GHSA-jx2r-9qhf-j88m",
"modified": "2026-06-02T21:30:24Z",
"published": "2022-05-17T05:08:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4733"
},
{
"type": "WEB",
"url": "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/662676"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/AAMN-98MU7H"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/AAMN-98MUK2"
},
{
"type": "WEB",
"url": "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JX64-R67P-6V8C
Vulnerability from github – Published: 2025-02-14 06:30 – Updated: 2025-08-26 21:31Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav.
{
"affected": [],
"aliases": [
"CVE-2025-1053"
],
"database_specific": {
"cwe_ids": [
"CWE-1295",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-14T04:15:08Z",
"severity": "HIGH"
},
"details": "Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav.",
"id": "GHSA-jx64-r67p-6v8c",
"modified": "2025-08-26T21:31:06Z",
"published": "2025-02-14T06:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1053"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25399"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M26Q-9XVW-WXFG
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2023-01-24 21:30CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an attacker account. This is different from CVE-2019-14782.
{
"affected": [],
"aliases": [
"CVE-2019-15235"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-17T16:15:00Z",
"severity": "MODERATE"
},
"details": "CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim\u0027s session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim\u0027s token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim\u0027s password (for the OS and phpMyAdmin) via an attacker account. This is different from CVE-2019-14782.",
"id": "GHSA-m26q-9xvw-wxfg",
"modified": "2023-01-24T21:30:34Z",
"published": "2022-05-24T17:03:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15235"
},
{
"type": "WEB",
"url": "https://centos-webpanel.com/changelog-cwp7"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/155676/Control-Web-Panel-0.9.8.864-phpMyAdmin-Password-Disclosure.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.