CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1739 vulnerabilities reference this CWE, most recent first.
GHSA-RCXJ-GJXV-RF5C
Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2023-02-02 21:33OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.
{
"affected": [],
"aliases": [
"CVE-2019-14854"
],
"database_specific": {
"cwe_ids": [
"CWE-117",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-07T17:15:00Z",
"severity": "MODERATE"
},
"details": "OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.",
"id": "GHSA-rcxj-gjxv-rf5c",
"modified": "2023-02-02T21:33:45Z",
"published": "2022-05-24T17:05:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14854"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4075"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4081"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4091"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4098"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2019-14854"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758953"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14854"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RFVG-559M-H7MR
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.
{
"affected": [],
"aliases": [
"CVE-2017-15366"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-26T20:29:00Z",
"severity": "CRITICAL"
},
"details": "Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.",
"id": "GHSA-rfvg-559m-h7mr",
"modified": "2022-05-13T01:43:45Z",
"published": "2022-05-13T01:43:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15366"
},
{
"type": "WEB",
"url": "https://gist.github.com/emptythevoid/84248daccce8737f1cdd5b395cf6f32c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RG5F-R5JW-RVXG
Vulnerability from github – Published: 2025-02-19 12:31 – Updated: 2025-08-25 03:33Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators.
{
"affected": [],
"aliases": [
"CVE-2025-1075"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-19T10:15:09Z",
"severity": "MODERATE"
},
"details": "Insertion of Sensitive Information into Log File in Checkmk GmbH\u0027s Checkmk versions \u003c2.3.0p27, \u003c2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators.",
"id": "GHSA-rg5f-r5jw-rvxg",
"modified": "2025-08-25T03:33:05Z",
"published": "2025-02-19T12:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1075"
},
{
"type": "WEB",
"url": "https://checkmk.com/werk/17495"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RHR8-H74G-4F3H
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2025-06-05 00:31Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.
{
"affected": [],
"aliases": [
"CVE-2020-14518"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-21T13:15:00Z",
"severity": "MODERATE"
},
"details": "Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.",
"id": "GHSA-rhr8-h74g-4f3h",
"modified": "2025-06-05T00:31:17Z",
"published": "2022-05-24T17:26:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14518"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"
},
{
"type": "WEB",
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RJ3H-XXG4-Q2H4
Vulnerability from github – Published: 2026-02-10 21:31 – Updated: 2026-02-10 21:31The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.
{
"affected": [],
"aliases": [
"CVE-2026-1495"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T21:16:01Z",
"severity": "MODERATE"
},
"details": "The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.",
"id": "GHSA-rj3h-xxg4-q2h4",
"modified": "2026-02-10T21:31:31Z",
"published": "2026-02-10T21:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1495"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RJC6-VM4H-85CG
Vulnerability from github – Published: 2024-09-11 19:20 – Updated: 2024-09-11 19:20Summary
The AWS Serverless Application Model (SAM) CLI is an open source tool that allows customers to build, deploy and test their serverless applications built on AWS. AWS SAM CLI can build container (Docker) images and customers can specify arguments in the SAM template that are passed to the Docker engine during build [1].
Impact
If customers specify sensitive data in the DockerBuildArgs parameter of their template, the sensitive data will be shown in clear text in the AWS SAM CLI output via STDERR when running the sam build command.
Patches
A patch is included in aws-sam-cli>=1.122.0.
We strongly recommend customers install AWS SAM CLI v1.122.0 or above. Please review logs produced by your SAM CLI runs if you have used the DockerBuildArgs parameter and consider rotating the secrets if you believe they were exposed.
References
If you have any questions or comments about this issue, we ask that you contact AWS/Amazon Security via our vulnerability reporting page [2] or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
[1] https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-build.html#build-container-image
[2] https://aws.amazon.com/security/vulnerability-reporting
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "aws-sam-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.122.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-11T19:20:57Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nThe AWS Serverless Application Model (SAM) CLI is an open source tool that allows customers to build, deploy and test their serverless applications built on AWS. AWS SAM CLI can build container (Docker) images and customers can specify arguments in the SAM template that are passed to the Docker engine during build [1].\n\n### Impact\nIf customers specify sensitive data in the DockerBuildArgs parameter of their template, the sensitive data will be shown in clear text in the AWS SAM CLI output via STDERR when running the sam build command.\n\n### Patches\nA patch is included in aws-sam-cli\u003e=1.122.0.\n\nWe strongly recommend customers install AWS SAM CLI v1.122.0 or above. Please review logs produced by your SAM CLI runs if you have used the DockerBuildArgs parameter and consider rotating the secrets if you believe they were exposed.\n\n### References\nIf you have any questions or comments about this issue, we ask that you contact AWS/Amazon Security via our vulnerability reporting page [2] or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.\n\n[1] https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-build.html#build-container-image \n\n[2] https://aws.amazon.com/security/vulnerability-reporting\n",
"id": "GHSA-rjc6-vm4h-85cg",
"modified": "2024-09-11T19:20:57Z",
"published": "2024-09-11T19:20:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aws/aws-sam-cli/security/advisories/GHSA-rjc6-vm4h-85cg"
},
{
"type": "PACKAGE",
"url": "https://github.com/aws/aws-sam-cli"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs"
}
GHSA-RJC9-V6HH-HQ3J
Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2022-05-17 00:26The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.
{
"affected": [],
"aliases": [
"CVE-2017-0380"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-18T16:29:00Z",
"severity": "MODERATE"
},
"details": "The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.",
"id": "GHSA-rjc9-v6hh-hq3j",
"modified": "2022-05-17T00:26:09Z",
"published": "2022-05-17T00:26:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0380"
},
{
"type": "WEB",
"url": "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486"
},
{
"type": "WEB",
"url": "https://trac.torproject.org/projects/tor/ticket/23490"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3993"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039519"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RM7C-X6GJ-2MR8
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2024-04-24 21:35An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/heketi/heketi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-10763"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-24T21:35:03Z",
"nvd_published_at": "2020-11-24T17:15:00Z",
"severity": "MODERATE"
},
"details": "An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.",
"id": "GHSA-rm7c-x6gj-2mr8",
"modified": "2024-04-24T21:35:03Z",
"published": "2022-05-24T17:34:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10763"
},
{
"type": "WEB",
"url": "https://github.com/heketi/heketi/commit/be1583833924e62d2581824a0addcba0aed33c99"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845387"
},
{
"type": "WEB",
"url": "https://github.com/heketi/heketi/releases/tag/v10.1.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Heketi logs sensitive information"
}
GHSA-RMCP-9FHQ-58PV
Vulnerability from github – Published: 2024-10-05 00:34 – Updated: 2024-12-06 22:11An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "mediawiki/abuse-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.39.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "mediawiki/abuse-filter"
},
"ranges": [
{
"events": [
{
"introduced": "1.40.0"
},
{
"fixed": "1.41.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "mediawiki/abuse-filter"
},
"ranges": [
{
"events": [
{
"introduced": "1.42.0"
},
{
"fixed": "1.42.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-47913"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-06T22:11:48Z",
"nvd_published_at": "2024-10-04T22:15:02Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.",
"id": "GHSA-rmcp-9fhq-58pv",
"modified": "2024-12-06T22:11:48Z",
"published": "2024-10-05T00:34:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47913"
},
{
"type": "WEB",
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1076855"
},
{
"type": "PACKAGE",
"url": "https://github.com/wikimedia/mediawiki-extensions-AbuseFilter"
},
{
"type": "WEB",
"url": "https://phabricator.wikimedia.org/T372998"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper permissions handling in MediaWiki AbuseFilter"
}
GHSA-RMQ4-54XJ-P4FG
Vulnerability from github – Published: 2022-11-04 19:01 – Updated: 2022-11-14 19:00The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.
{
"affected": [],
"aliases": [
"CVE-2022-27893"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-04T16:15:00Z",
"severity": "MODERATE"
},
"details": "The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.",
"id": "GHSA-rmq4-54xj-p4fg",
"modified": "2022-11-14T19:00:20Z",
"published": "2022-11-04T19:01:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27893"
},
{
"type": "WEB",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.