Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1744 vulnerabilities reference this CWE, most recent first.

GHSA-M5QR-352X-8XH6

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:30
VLAI
Details

cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-02T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "cPanel before 66.0.2 allows resellers to read other accounts\u0027 domain log files (SEC-288).",
  "id": "GHSA-m5qr-352x-8xh6",
  "modified": "2024-04-04T01:30:54Z",
  "published": "2022-05-24T16:52:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18426"
    },
    {
      "type": "WEB",
      "url": "https://documentation.cpanel.net/display/CL/66+Change+Log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M5R4-QHX5-2G4C

Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-01 15:30
VLAI
Details

The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-26T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The logs of sensitive information (PII) or hardware identifier should only be printed in Android \"userdebug\" or \"eng\" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user\u0027s account name (i.e. PII), in Android \"user\" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776",
  "id": "GHSA-m5r4-qhx5-2g4c",
  "modified": "2023-02-01T15:30:20Z",
  "published": "2023-01-26T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20458"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/aaos/2023-01-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M664-MXMW-5947

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

Dell EMC PowerScale OneFS versions 8.2.x and 9.1.0.x contain an insertion of sensitive information into log files vulnerability. This means a malicious actor with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges can access privileged information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-16T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell EMC PowerScale OneFS versions 8.2.x and 9.1.0.x contain an insertion of sensitive information into log files vulnerability. This means a malicious actor with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges can access privileged information.",
  "id": "GHSA-m664-mxmw-5947",
  "modified": "2022-05-24T19:11:27Z",
  "published": "2022-05-24T19:11:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36278"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/000190408"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M67C-WPPJ-7MM2

Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2024-04-04 08:29
VLAI
Details

An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25604"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-10T17:15:11Z",
    "severity": "MODERATE"
  },
  "details": "An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs.",
  "id": "GHSA-m67c-wppj-7mm2",
  "modified": "2024-04-04T08:29:53Z",
  "published": "2023-10-10T18:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25604"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-23-052"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M67G-87RX-V42C

Vulnerability from github – Published: 2026-05-28 18:30 – Updated: 2026-07-02 17:30
VLAI
Summary
Calico Inserts Sensitive Information into Log File
Details

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map (stdinData) at INFO level to /var/log/calico/cni/cni.log on every CNI ADD and DEL invocation — once per pod scheduled or terminated on the node. When the cluster is deployed using token-based Kubernetes authentication, this log entry contains the ServiceAccount token, client key, and certificate authority in plaintext. Any principal with read access to /var/log/calico/cni/cni.log on a node  can read these logs and extract the credentials, which grant cluster-wide Calico networking admin privileges.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/projectcalico/calico"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "3.31.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/projectcalico/calico"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.11.0-cni-plugin.0.20260417001138-cd73bc2cea0f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41185"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-02T17:30:20Z",
    "nvd_published_at": "2026-05-28T17:16:22Z",
    "severity": "MODERATE"
  },
  "details": "When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map (stdinData) at INFO level to /var/log/calico/cni/cni.log on every CNI ADD and DEL invocation \u2014 once per pod scheduled or terminated on the node. When the cluster is deployed using token-based Kubernetes authentication, this log entry contains the ServiceAccount token, client key, and certificate authority in plaintext. Any principal with read access to /var/log/calico/cni/cni.log on a node\u00a0 can read these logs and extract the credentials, which grant cluster-wide Calico networking admin privileges.",
  "id": "GHSA-m67g-87rx-v42c",
  "modified": "2026-07-02T17:30:20Z",
  "published": "2026-05-28T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41185"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectcalico/calico/pull/12502"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectcalico/calico/pull/12526"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectcalico/calico/pull/12527"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectcalico/calico/commit/0ca653db0ae7400ea9fb066daa7f45c902482271"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectcalico/calico/commit/cd73bc2cea0f4989772f2deb93909e7cfac927e0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectcalico/calico/commit/da9ea3a13927a35e4022b787d17a005b2157d812"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/projectcalico/calico"
    },
    {
      "type": "WEB",
      "url": "https://www.tigera.io/security-bulletins/tta-2026-002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Calico Inserts Sensitive Information into Log File"
}

GHSA-M755-M8M9-Q8V4

Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2023-01-24 21:30
VLAI
Details

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-17T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim\u0027s session file name from the /tmp directory, and the victim\u0027s token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim\u0027s password (for the OS and phpMyAdmin) via an attacker account.",
  "id": "GHSA-m755-m8m9-q8v4",
  "modified": "2023-01-24T21:30:34Z",
  "published": "2022-05-24T17:03:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14782"
    },
    {
      "type": "WEB",
      "url": "https://centos-webpanel.com/changelog-cwp7"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/155676/Control-Web-Panel-0.9.8.864-phpMyAdmin-Password-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M757-P8RV-4Q93

Vulnerability from github – Published: 2024-03-06 15:31 – Updated: 2025-02-13 19:09
VLAI
Summary
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Details

In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module.  We recommend users upgrade the version of Linkis to version 1.5.0

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.linkis:linkis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-50740"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-06T17:07:09Z",
    "nvd_published_at": "2024-03-06T14:15:47Z",
    "severity": "MODERATE"
  },
  "details": "In Apache Linkis \u003c=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module.\u00a0\nWe recommend users upgrade the version of Linkis to version 1.5.0",
  "id": "GHSA-m757-p8rv-4q93",
  "modified": "2025-02-13T19:09:14Z",
  "published": "2024-03-06T15:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50740"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/linkis/commit/08cbcfca140afebae10e1582ee87721578719ded"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/linkis"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/5o342chnpyd6rps68ygzfkzycxl998yo"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/03/06/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged"
}

GHSA-M833-87VF-576C

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2023-08-18 21:25
VLAI
Summary
ovirt-engine Logs Plaintext Passwords To File
Details

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.ovirt.engine.sdk:ovirt-engine-sdk-java"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.7.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-15113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-25T22:33:08Z",
    "nvd_published_at": "2018-07-27T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.",
  "id": "GHSA-m833-87vf-576c",
  "modified": "2023-08-18T21:25:10Z",
  "published": "2022-05-13T01:37:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15113"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHEA-2017:3138"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commitdiff;h=f4a5d0cc772127dbfe40789e26c4633ceea07d14;hp=e6e8704ac9eb115624ff66e2965877d8e63a45f4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/oVirt/ovirt-engine"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20210124121521/https://www.securityfocus.com/bid/101933"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ovirt-engine Logs Plaintext Passwords To File",
  "withdrawn": "2023-08-18T21:25:10Z"
}

GHSA-M87F-39Q9-6F55

Vulnerability from github – Published: 2022-04-05 17:47 – Updated: 2022-04-05 17:47
VLAI
Summary
Sensitive Auth & Cookie data stored in Jupyter server logs
Details

Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server.

Upgrade to notebook version 6.4.10

For more information

If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.

Credit: @3coins for reporting. Thank you!

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "notebook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.4.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-05T17:47:26Z",
    "nvd_published_at": "2022-03-31T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server.\n\nUpgrade to notebook version 6.4.10\n\n### For more information\n\nIf you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list [security@ipython.org](mailto:security@ipython.org).\n\nCredit: @3coins for reporting. Thank you!\n\n",
  "id": "GHSA-m87f-39q9-6f55",
  "modified": "2022-04-05T17:47:26Z",
  "published": "2022-04-05T17:47:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24758"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jupyter/notebook"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2022-180.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sensitive Auth \u0026 Cookie data stored in Jupyter server logs"
}

GHSA-M88W-QCR5-CQ82

Vulnerability from github – Published: 2024-07-22 15:32 – Updated: 2024-07-22 15:32
VLAI
Details

In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41824"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-22T15:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In JetBrains TeamCity before 2024.07 parameters of the \"password\" type could leak into the build log in some specific cases",
  "id": "GHSA-m88w-qcr5-cq82",
  "modified": "2024-07-22T15:32:42Z",
  "published": "2024-07-22T15:32:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41824"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.