Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1742 vulnerabilities reference this CWE, most recent first.

GHSA-QMV5-F584-5HQG

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:30
VLAI
Details

cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-02T14:15:00Z",
    "severity": "LOW"
  },
  "details": "cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).",
  "id": "GHSA-qmv5-f584-5hqg",
  "modified": "2024-04-04T01:30:32Z",
  "published": "2022-05-24T16:52:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18412"
    },
    {
      "type": "WEB",
      "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
    },
    {
      "type": "WEB",
      "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QP45-7VJC-WWC4

Vulnerability from github – Published: 2023-09-08 03:30 – Updated: 2024-04-04 07:33
VLAI
Details

An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors.

We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-08T02:15:07Z",
    "severity": "MODERATE"
  },
  "details": "An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later\n",
  "id": "GHSA-qp45-7vjc-wwc4",
  "modified": "2024-04-04T07:33:41Z",
  "published": "2023-09-08T03:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27599"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-23-08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QP5W-V6QC-VX8V

Vulnerability from github – Published: 2025-07-17 18:31 – Updated: 2025-07-24 21:30
VLAI
Details

An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-51497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-17T18:15:27Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22.",
  "id": "GHSA-qp5w-v6qc-vx8v",
  "modified": "2025-07-24T21:30:38Z",
  "published": "2025-07-17T18:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51497"
    },
    {
      "type": "WEB",
      "url": "https://adguard.com/en/adguard-safari/overview.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AdguardTeam/AdGuardForSafari"
    },
    {
      "type": "WEB",
      "url": "https://www.mcrich23.com/post/adguard-messed-up-their-logging"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQC5-RGCC-CJQH

Vulnerability from github – Published: 2021-05-18 18:34 – Updated: 2023-08-30 11:37
VLAI
Summary
Information Disclosure in go.elastic.co/apm
Details

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "go.elastic.co/apm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-22133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-07T22:01:55Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.",
  "id": "GHSA-qqc5-rgcc-cjqh",
  "modified": "2023-08-30T11:37:11Z",
  "published": "2021-05-18T18:34:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22133"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elastic/apm-agent-go/pull/888"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elastic/apm-agent-go/commit/c5c7e21aa26a6def7790f74fbceed792ad47ef35"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elastic/apm-agent-go/commit/dd3e8c593580e7b80a98b57e1cc6e017e56747b4"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/elastic-apm-agent-for-go-1-11-0-security-update/263252"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/elastic/apm-agent-go"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elastic/apm-agent-go/compare/v1.10.0...v1.11.0"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-0706"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Information Disclosure in go.elastic.co/apm"
}

GHSA-QQHQ-8R2C-C3F5

Vulnerability from github – Published: 2023-12-15 23:43 – Updated: 2023-12-16 00:51
VLAI
Summary
nvdApiKey is logged in debug mode
Details

Summary

The value of nvdApiKey configuration parameter is logged in clear text in debug mode.

Details

The NVD API key is a kind of secret and should be treated like other secrets when logging in debug mode. Expecting the same behavior as for several password configurations: just print ******

Note that while the NVD API Key is an access token for the NVD API - they are not that sensitive. The only thing an NVD API Token grants is a higher rate limit when making calls to publicly available data. The data available from the NVD API is the same whether you have an API Key or not.

PoC

The nvdApiKey is configured to use an environment variable; when running mvn -X dependency-check:check the clear value is logged twice.

Impact

The NVD API key is a kind of secret and should not be exposed. If stolen, an attacker can use this key to obtain already public information.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.0.5"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.owasp:dependency-check-ant"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.0.5"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.owasp:dependency-check-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.owasp:dependency-check-maven"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-15T23:43:30Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Summary\nThe value of `nvdApiKey` configuration parameter is logged in clear text in debug mode.\n\n### Details\nThe NVD API key is a kind of secret and should be treated like other secrets when logging in debug mode.\nExpecting the same behavior as for several password configurations: just print `******`\n\nNote that while the NVD API Key is an access token for the NVD API - they are not that sensitive. The only thing an NVD API Token grants is a higher rate limit when making calls to publicly available data. The data available from the NVD API is the same whether you have an API Key or not.\n\n### PoC\nThe nvdApiKey is configured to use an environment variable; when running `mvn -X dependency-check:check` the clear value is logged twice.\n\n### Impact\nThe NVD API key is a kind of secret and should not be exposed. If stolen, an attacker can use this key to obtain already public information.\n\n",
  "id": "GHSA-qqhq-8r2c-c3f5",
  "modified": "2023-12-16T00:51:51Z",
  "published": "2023-12-15T23:43:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jeremylong/DependencyCheck"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "nvdApiKey is logged in debug mode"
}

GHSA-QR2V-788M-XVQC

Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30
VLAI
Details

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-10T18:16:23Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.",
  "id": "GHSA-qr2v-788m-xvqc",
  "modified": "2026-02-10T18:30:41Z",
  "published": "2026-02-10T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21222"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21222"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QR5H-XP65-3PM4

Vulnerability from github – Published: 2025-09-19 21:31 – Updated: 2025-09-24 21:30
VLAI
Details

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravel_session, are stored in cleartext within world-readable log files. Any local user with access to the machine can extract these session tokens and use them to authenticate remotely to the SaaS environment, bypassing normal login credentials, potentially leading to unauthorized system access and exposure of sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34188"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-19T19:15:38Z",
    "severity": "HIGH"
  },
  "details": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravel_session, are stored in cleartext within world-readable log files. Any local user with access to the machine can extract these session tokens and use them to authenticate remotely to the SaaS environment, bypassing normal login credentials, potentially leading to unauthorized system access and exposure of sensitive information.",
  "id": "GHSA-qr5h-xp65-3pm4",
  "modified": "2025-09-24T21:30:35Z",
  "published": "2025-09-19T21:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34188"
    },
    {
      "type": "WEB",
      "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
    },
    {
      "type": "WEB",
      "url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
    },
    {
      "type": "WEB",
      "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-leak-secrets"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-local-log-disclosure-of-cleartext-sessions"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QRF6-GX4G-HQV9

Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2022-09-16 00:00
VLAI
Details

In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs under /usr/Systems/OTNE_1_14_Master/maintenance/trace/web/.otn.default.log. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39821"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-13T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs under /usr/Systems/OTNE_1_14_Master/maintenance/trace/web/.otn.default.log. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.",
  "id": "GHSA-qrf6-gx4g-hqv9",
  "modified": "2022-09-16T00:00:29Z",
  "published": "2022-09-14T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39821"
    },
    {
      "type": "WEB",
      "url": "https://www.gruppotim.it/it/footer/red-team.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QRPM-2F6M-PF3C

Vulnerability from github – Published: 2022-04-28 00:00 – Updated: 2022-05-05 00:00
VLAI
Details

IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38939"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-27T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.",
  "id": "GHSA-qrpm-2f6m-pf3c",
  "modified": "2022-05-05T00:00:31Z",
  "published": "2022-04-28T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38939"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211037"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6574787"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV9R-4W4X-36G7

Vulnerability from github – Published: 2023-08-11 15:30 – Updated: 2024-04-04 06:52
VLAI
Details

Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24804"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-11T14:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs.",
  "id": "GHSA-qv9r-4w4x-36g7",
  "modified": "2024-04-04T06:52:36Z",
  "published": "2023-08-11T15:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24804"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cms-dev/cms/issues/1160"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.