Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1739 vulnerabilities reference this CWE, most recent first.

GHSA-QHQ8-VG87-FPM2

Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46
VLAI
Details

An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-23924"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-01T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.",
  "id": "GHSA-qhq8-vg87-fpm2",
  "modified": "2022-05-24T17:46:25Z",
  "published": "2022-05-24T17:46:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23924"
    },
    {
      "type": "WEB",
      "url": "https://devolutions.net/security/advisories/devo-2021-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QJ23-W8JM-W8WV

Vulnerability from github – Published: 2025-07-03 12:34 – Updated: 2025-07-03 12:34
VLAI
Details

System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.  A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6587"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-03T10:15:37Z",
    "severity": "MODERATE"
  },
  "details": "System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.\u00a0\nA malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.",
  "id": "GHSA-qj23-w8jm-w8wv",
  "modified": "2025-07-03T12:34:56Z",
  "published": "2025-07-03T12:34:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6587"
    },
    {
      "type": "WEB",
      "url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QJ3C-9P7W-6V83

Vulnerability from github – Published: 2025-04-22 06:30 – Updated: 2025-04-22 06:30
VLAI
Details

Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2300"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-22T05:15:30Z",
    "severity": "MODERATE"
  },
  "details": "Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability.\nThis issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.",
  "id": "GHSA-qj3c-9p7w-6v83",
  "modified": "2025-04-22T06:30:29Z",
  "published": "2025-04-22T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2300"
    },
    {
      "type": "WEB",
      "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-112/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJ6W-VQH8-3WWG

Vulnerability from github – Published: 2023-02-03 18:30 – Updated: 2023-02-10 03:30
VLAI
Details

Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36544"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-03T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.",
  "id": "GHSA-qj6w-vqh8-3wwg",
  "modified": "2023-02-10T03:30:20Z",
  "published": "2023-02-03T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36544"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/happy_source/tpcms/issues/I3YNWY"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJQ5-4C8Q-X94F

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06
VLAI
Details

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-29759"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-07T17:15:00Z",
    "severity": "LOW"
  },
  "details": "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.",
  "id": "GHSA-qjq5-4c8q-x94f",
  "modified": "2022-05-24T19:06:58Z",
  "published": "2022-05-24T19:06:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29759"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202212"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6469449"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QJQG-4WG7-957H

Vulnerability from github – Published: 2024-05-15 03:30 – Updated: 2025-02-13 18:59
VLAI
Summary
azure-file-csi-driver leaks service account tokens in the logs
Details

A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.29.3"
      },
      "package": {
        "ecosystem": "Go",
        "name": "sigs.k8s.io/azurefile-csi-driver"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.29.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "sigs.k8s.io/azurefile-csi-driver"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.30.0"
            },
            {
              "fixed": "1.30.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.30.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-3744"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T17:16:58Z",
    "nvd_published_at": "2024-05-15T01:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag.",
  "id": "GHSA-qjqg-4wg7-957h",
  "modified": "2025-02-13T18:59:21Z",
  "published": "2024-05-15T03:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3744"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/124759"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes-sigs/azurefile-csi-driver/commit/a1b7446de942136419f07394efeef804523f87ae"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes-sigs/azurefile-csi-driver/commit/e11ff3dc2c03894cde692213308f9991e7bbd5bf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubernetes-sigs/azurefile-csi-driver"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/hcgZE2MQo1A/m/Y4C6q-CYAgAJ"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/05/09/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "azure-file-csi-driver leaks service account tokens in the logs"
}

GHSA-QM7J-J8V5-52QC

Vulnerability from github – Published: 2022-04-05 00:00 – Updated: 2022-04-13 00:00
VLAI
Details

TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-04T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator\u0027s user name and password.",
  "id": "GHSA-qm7j-j8v5-52qc",
  "modified": "2022-04-13T00:00:46Z",
  "published": "2022-04-05T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27442"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/happy_source/tpcms/issues/I3YNWY"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QMV5-F584-5HQG

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:30
VLAI
Details

cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-02T14:15:00Z",
    "severity": "LOW"
  },
  "details": "cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).",
  "id": "GHSA-qmv5-f584-5hqg",
  "modified": "2024-04-04T01:30:32Z",
  "published": "2022-05-24T16:52:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18412"
    },
    {
      "type": "WEB",
      "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
    },
    {
      "type": "WEB",
      "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QP45-7VJC-WWC4

Vulnerability from github – Published: 2023-09-08 03:30 – Updated: 2024-04-04 07:33
VLAI
Details

An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors.

We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-08T02:15:07Z",
    "severity": "MODERATE"
  },
  "details": "An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later\n",
  "id": "GHSA-qp45-7vjc-wwc4",
  "modified": "2024-04-04T07:33:41Z",
  "published": "2023-09-08T03:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27599"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-23-08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QP5W-V6QC-VX8V

Vulnerability from github – Published: 2025-07-17 18:31 – Updated: 2025-07-24 21:30
VLAI
Details

An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-51497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-17T18:15:27Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22.",
  "id": "GHSA-qp5w-v6qc-vx8v",
  "modified": "2025-07-24T21:30:38Z",
  "published": "2025-07-17T18:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51497"
    },
    {
      "type": "WEB",
      "url": "https://adguard.com/en/adguard-safari/overview.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AdguardTeam/AdGuardForSafari"
    },
    {
      "type": "WEB",
      "url": "https://www.mcrich23.com/post/adguard-messed-up-their-logging"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.