CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1739 vulnerabilities reference this CWE, most recent first.
GHSA-XCCP-97WP-3GJG
Vulnerability from github – Published: 2026-05-11 09:30 – Updated: 2026-06-05 14:15The OpenSearch logging provider, when configured with a host URL that embeds credentials (for example https://user:password@server.example.com:9200), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend credentials. Users are advised to upgrade to apache-airflow-providers-opensearch 1.9.1 or later and, as a defense-in-depth measure, configure the backend credentials via a secret backend rather than embedding them in the [opensearch] host URL.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-airflow-providers-opensearch"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-43826"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-15T17:30:13Z",
"nvd_published_at": "2026-05-11T09:16:26Z",
"severity": "MODERATE"
},
"details": "The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL \u2014 including the embedded credentials \u2014 into task logs. Any user with task-log read permission could harvest the backend credentials. Users are advised to upgrade to `apache-airflow-providers-opensearch` 1.9.1 or later and, as a defense-in-depth measure, configure the backend credentials via a secret backend rather than embedding them in the `[opensearch] host` URL.",
"id": "GHSA-xccp-97wp-3gjg",
"modified": "2026-06-05T14:15:13Z",
"published": "2026-05-11T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43826"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull/65509"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/commit/6a6b6ff409fb48c28bd63482828632a3c5a5bb93"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow-providers-opensearch/PYSEC-2026-23.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/bxsrqx1vwssovnwnrvgh9xcosptmf73y"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/10/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL"
}
GHSA-XCFJ-CQRF-MWPJ
Vulnerability from github – Published: 2022-05-28 00:00 – Updated: 2022-06-10 00:00Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
{
"affected": [],
"aliases": [
"CVE-2022-20806"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-27T14:15:00Z",
"severity": "HIGH"
},
"details": "Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device.\n For more information about these vulnerabilities, see the Details section of this advisory.\n ",
"id": "GHSA-xcfj-cqrf-mwpj",
"modified": "2022-06-10T00:00:57Z",
"published": "2022-05-28T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20806"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XCP4-62VJ-CQ3R
Vulnerability from github – Published: 2024-05-13 16:04 – Updated: 2024-05-14 20:04Impact
When opening a form in Valtimo, the access token (JWT) of the user is exposed to api.form.io via the the x-jwt-token header. An attacker can retrieve personal information from this token, or use it to execute requests to the Valtimo REST API on behalf of the logged-in user.
This issue is caused by a misconfiguration of the Form.io component.
Attack requirements
The following conditions have to be met in order to perform this attack:
- An attacker needs to have access to the network traffic on the api.form.io domain.
- The content of the x-jwt-token header is logged or otherwise available to the attacker.
- An attacker needs to have network access to the Valtimo API.
- An attacker needs to act within the time-to-live of the access token. The default TTL in Keycloak is 5 minutes.
Patches
Versions 10.8.4, 11.1.6 and 11.2.2 have been patched
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@valtimo/components"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.8.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@valtimo/components"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.1.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@valtimo/components"
},
"ranges": [
{
"events": [
{
"introduced": "11.2.0"
},
{
"fixed": "11.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-34706"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-13T16:04:55Z",
"nvd_published_at": "2024-05-14T15:39:29Z",
"severity": "CRITICAL"
},
"details": "### Impact\nWhen opening a form in Valtimo, the access token (JWT) of the user is exposed to `api.form.io` via the the `x-jwt-token` header. An attacker can retrieve personal information from this token, or use it to execute requests to the Valtimo REST API on behalf of the logged-in user.\n\nThis issue is caused by a misconfiguration of the Form.io component.\n\n### Attack requirements ###\nThe following conditions have to be met in order to perform this attack:\n- An attacker needs to have access to the network traffic on the `api.form.io` domain.\n- The content of the `x-jwt-token` header is logged or otherwise available to the attacker.\n- An attacker needs to have network access to the Valtimo API.\n- An attacker needs to act within the time-to-live of the access token. The default TTL in Keycloak is 5 minutes.\n\n### Patches\nVersions 10.8.4, 11.1.6 and 11.2.2 have been patched",
"id": "GHSA-xcp4-62vj-cq3r",
"modified": "2024-05-14T20:04:06Z",
"published": "2024-05-13T16:04:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/valtimo-platform/valtimo-frontend-libraries/security/advisories/GHSA-xcp4-62vj-cq3r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34706"
},
{
"type": "WEB",
"url": "https://github.com/valtimo-platform/valtimo-frontend-libraries/commit/1aaba5ef5750dafebbc7476fb08bf2375a25f19e"
},
{
"type": "WEB",
"url": "https://github.com/valtimo-platform/valtimo-frontend-libraries/commit/8c2dbf2a41180d2b0358d878290e4d37168f0fb6"
},
{
"type": "WEB",
"url": "https://github.com/valtimo-platform/valtimo-frontend-libraries/commit/d65e05fd2784bd4a628778b34a5b79ce2f0cef8c"
},
{
"type": "PACKAGE",
"url": "https://github.com/valtimo-platform/valtimo-frontend-libraries"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "@valtimo/components exposes access token to form.io"
}
GHSA-XCP8-HH74-F6MC
Vulnerability from github – Published: 2018-07-13 15:16 – Updated: 2024-10-07 21:21python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "oslo.middleware"
},
"ranges": [
{
"events": [
{
"introduced": "3.9.0"
},
{
"fixed": "3.19.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "oslo.middleware"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "oslo.middleware"
},
"ranges": [
{
"events": [
{
"introduced": "3.20.0"
},
{
"fixed": "3.23.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "oslo-middleware"
},
"ranges": [
{
"events": [
{
"introduced": "3.9.0"
},
{
"fixed": "3.19.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "oslo-middleware"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "oslo-middleware"
},
"ranges": [
{
"events": [
{
"introduced": "3.20.0"
},
{
"fixed": "3.23.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-2592"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T22:02:55Z",
"nvd_published_at": "2018-05-08T17:29:00Z",
"severity": "HIGH"
},
"details": "python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback\u0027s error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).",
"id": "GHSA-xcp8-hh74-f6mc",
"modified": "2024-10-07T21:21:51Z",
"published": "2018-07-13T15:16:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2592"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0300"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0435"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-xcp8-hh74-f6mc"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/oslo.middleware"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/oslo-middleware/PYSEC-2018-104.yaml"
},
{
"type": "WEB",
"url": "https://review.openstack.org/#/c/425730"
},
{
"type": "WEB",
"url": "https://review.openstack.org/#/c/425732"
},
{
"type": "WEB",
"url": "https://review.openstack.org/#/c/425734"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3666-1"
},
{
"type": "WEB",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0300.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0435.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "oslo.middleware Information Disclosure vulnerability"
}
GHSA-XCWF-V48Q-2F24
Vulnerability from github – Published: 2022-05-17 02:54 – Updated: 2022-05-17 02:54IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.
{
"affected": [],
"aliases": [
"CVE-2016-9985"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-08T19:59:00Z",
"severity": "MODERATE"
},
"details": "IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.",
"id": "GHSA-xcwf-v48q-2f24",
"modified": "2022-05-17T02:54:32Z",
"published": "2022-05-17T02:54:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9985"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21999671"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96962"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XF88-3PMX-M4VW
Vulnerability from github – Published: 2026-05-29 09:31 – Updated: 2026-06-08 12:30The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.
{
"affected": [],
"aliases": [
"CVE-2026-49200"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-29T09:16:18Z",
"severity": "CRITICAL"
},
"details": "The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.",
"id": "GHSA-xf88-3pmx-m4vw",
"modified": "2026-06-08T12:30:28Z",
"published": "2026-05-29T09:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49200"
},
{
"type": "WEB",
"url": "https://community.acer.com/en/kb/articles/19673"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XFHF-JH8M-PMV3
Vulnerability from github – Published: 2022-09-01 00:00 – Updated: 2022-09-08 00:00A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.
{
"affected": [],
"aliases": [
"CVE-2022-28625"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-31T16:15:00Z",
"severity": "MODERATE"
},
"details": "A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.",
"id": "GHSA-xfhf-jh8m-pmv3",
"modified": "2022-09-08T00:00:32Z",
"published": "2022-09-01T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28625"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04304en_us"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XFJ7-QF8W-2GCR
Vulnerability from github – Published: 2024-02-08 18:44 – Updated: 2024-10-16 17:05Impact
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. Rancher Audit Logging is an opt-in feature, only deployments that have it enabled and have AUDIT_LEVEL set to 1 or above are impacted by this issue.
The leaks might be caught in the audit logs upon these actions:
- Creating cloud credentials or new authentication providers. It is crucial to note that all authentication providers (such as AzureAD) and cloud providers (such as Google) are impacted.
- Downloading a kubeconfig file from a downstream or a local cluster.
- Logging in/out from Rancher.
The affected data may include the following:
- HTTP headers
| Field | Location |
|---|---|
| X-Api-Auth-Header | Request header |
| X-Api-Set-Cookie-Header | Response header |
| X-Amz-Security-Token | Request header |
| credentials | Request body |
| applicationSecret | Request Body |
| oauthCredential | Request Body |
| serviceAccountCredential | Request Body |
| spKey | Request Body |
| spCert | Request body |
| spCert | Response body |
| certificate | Request body |
| privateKey | Request body |
- API Server calls returning
Secretobjects (including sub-types, such askubernetes.io/dockerconfigjson). - Raw command lines used by agents to connect to the Rancher server which expose sensitive information (e.g.
register ... --token abc). Kubeconfigcontents when the 'Download KubeConfig' feature is used in the Rancher UI.
The patched versions will redact the sensitive data, replacing it with [redacted], making it safer for consumption. It is recommended that static secrets are rotated after the system is patched, to limit the potential impact of sensitive data being misused due to this vulnerability.
Note: 1. The severity of the vulnerability is intricately tied to the logging strategy employed. If logs are kept locally (default configuration), the impact is contained within the system, limiting the exposure. However, when logs are shipped to an external endpoint, the vulnerability's severity might increase, as resistance against leaks is contingent on the security measures implemented at the external log collector level. 2. The final impact severity for confidentiality, integrity and availability is dependent on the permissions that the leaked credentials have on their own services.
Patches
Patched versions include releases 2.6.14, 2.7.10 and 2.8.2.
Workarounds
If AUDIT_LEVEL 1 or above is required and you cannot update to a patched Rancher version, ensure that the log is handled appropriately and it is not shared with other users or shipped into a log ingestion solution without the appropriate RBAC enforcement. Otherwise, disabling the Audit feature or decreasing it to the audit level 0, mitigates the issue.
For more information
If you have any questions or comments about this advisory:
- Reach out to the SUSE Rancher Security team for security related inquiries.
- Open an issue in the Rancher repository.
- Verify with our support matrix and product support lifecycle.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-22649"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-08T18:44:25Z",
"nvd_published_at": "2024-10-16T08:15:04Z",
"severity": "HIGH"
},
"details": "### Impact\n\nA vulnerability has been identified which may lead to sensitive data being leaked into Rancher\u0027s audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue.\n\nThe leaks might be caught in the audit logs upon these actions:\n\n- Creating cloud credentials or new authentication providers. It is crucial to note that **all** [authentication providers](https://ranchermanager.docs.rancher.com/pages-for-subheaders/authentication-config#external-vs-local-authentication) (such as AzureAD) and [cloud providers](https://ranchermanager.docs.rancher.com/pages-for-subheaders/set-up-cloud-providers) (such as Google) are impacted. \n- Downloading a kubeconfig file from a downstream or a local cluster.\n- Logging in/out from Rancher.\n\nThe affected data may include the following:\n\n- HTTP headers\n\nField | Location\n-- | --\nX-Api-Auth-Header | Request header\nX-Api-Set-Cookie-Header | Response header\nX-Amz-Security-Token | Request header\ncredentials | Request body\napplicationSecret | Request Body\noauthCredential | Request Body\nserviceAccountCredential | Request Body\nspKey | Request Body\nspCert | Request body\nspCert | Response body\ncertificate | Request body\nprivateKey | Request body\n \n- API Server calls returning `Secret` objects (including sub-types, such as `kubernetes.io/dockerconfigjson`).\n- Raw command lines used by agents to connect to the Rancher server which expose sensitive information (e.g. `register ... --token abc`).\n- `Kubeconfig` contents when the \u0027Download KubeConfig\u0027 feature is used in the Rancher UI.\n\nThe patched versions will redact the sensitive data, replacing it with `[redacted]`, making it safer for consumption. It is recommended that static secrets are rotated after the system is patched, to limit the potential impact of sensitive data being misused due to this vulnerability.\n\n**Note:**\n1. The severity of the vulnerability is intricately tied to the logging strategy employed. If logs are kept locally (default configuration), the impact is contained within the system, limiting the exposure.\nHowever, when logs are shipped to an external endpoint, the vulnerability\u0027s severity might increase, as resistance against leaks is contingent on the security measures implemented at the external log collector level.\n2. The final impact severity for confidentiality, integrity and availability is dependent on the permissions that the leaked credentials have on their own services.\n\n\n### Patches\nPatched versions include releases `2.6.14`, `2.7.10` and `2.8.2`.\n\n### Workarounds\nIf `AUDIT_LEVEL` `1 or above` is required and you cannot update to a patched Rancher version, ensure that the log is handled appropriately and it is not shared with other users or shipped into a log ingestion solution without the appropriate RBAC enforcement. Otherwise, disabling the Audit feature or decreasing it to the audit level `0`, mitigates the issue.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).\n",
"id": "GHSA-xfj7-qf8w-2gcr",
"modified": "2024-10-16T17:05:11Z",
"published": "2024-02-08T18:44:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-xfj7-qf8w-2gcr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22649"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22649"
},
{
"type": "PACKAGE",
"url": "https://github.com/rancher/rancher"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Rancher \u0027Audit Log\u0027 leaks sensitive information"
}
GHSA-XFRJ-6VVC-3XM2
Vulnerability from github – Published: 2023-10-20 12:31 – Updated: 2025-11-04 16:46All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.santuario:xmlsec"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.santuario:xmlsec"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.santuario:xmlsec"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-44483"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-20T22:59:19Z",
"nvd_published_at": "2023-10-20T10:15:12Z",
"severity": "MODERATE"
},
"details": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.",
"id": "GHSA-xfrj-6vvc-3xm2",
"modified": "2025-11-04T16:46:02Z",
"published": "2023-10-20T12:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/santuario-java"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
},
{
"type": "WEB",
"url": "https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc?version=1\u0026modificationDate=1697782758000\u0026api=v2"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241108-0002"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Santuario - XML Security for Java are vulnerable to private key disclosure"
}
GHSA-XG4G-J93Q-XPMH
Vulnerability from github – Published: 2023-08-31 21:32 – Updated: 2023-08-31 21:32Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433.
{
"affected": [],
"aliases": [
"CVE-2023-4688"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-31T21:15:09Z",
"severity": "MODERATE"
},
"details": "Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433.",
"id": "GHSA-xg4g-j93q-xpmh",
"modified": "2023-08-31T21:32:41Z",
"published": "2023-08-31T21:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4688"
},
{
"type": "WEB",
"url": "https://security-advisory.acronis.com/advisories/SEC-5782"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.