Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1739 vulnerabilities reference this CWE, most recent first.

GHSA-8GF8-FQWW-VR2C

Vulnerability from github – Published: 2025-11-04 03:30 – Updated: 2025-12-17 21:30
VLAI
Details

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-04T02:15:48Z",
    "severity": "MODERATE"
  },
  "details": "A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data.",
  "id": "GHSA-8gf8-fqww-vr2c",
  "modified": "2025-12-17T21:30:35Z",
  "published": "2025-11-04T03:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43426"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125632"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125634"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8GGH-XWR9-3373

Vulnerability from github – Published: 2025-12-04 12:31 – Updated: 2025-12-05 21:19
VLAI
Summary
Ansible Community General Collection is vulnerable to exposure of sensitive information
Details

A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ansible"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-14010"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-05T02:15:35Z",
    "nvd_published_at": "2025-12-04T10:16:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.",
  "id": "GHSA-8ggh-xwr9-3373",
  "modified": "2025-12-05T21:19:33Z",
  "published": "2025-12-04T12:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14010"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible-collections/community.general/issues/11000"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible-collections/community.general/commit/08e56bbb9b57740a879d3057d84cdb02a162b840"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-14010"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418774"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ansible-collections/community.general"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible-community/ansible-build-data/blob/12.2.0/12/CHANGELOG-v12.md#security-fixes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ansible Community General Collection is vulnerable to exposure of sensitive information"
}

GHSA-8GP7-GQ2P-694F

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25421"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-11T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.",
  "id": "GHSA-8gp7-gq2p-694f",
  "modified": "2022-05-24T19:05:06Z",
  "published": "2022-05-24T19:05:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25421"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8GQR-F87P-7VM9

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02
VLAI
Details

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-0875"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-05-31T01:59:00Z",
    "severity": "HIGH"
  },
  "details": "Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.",
  "id": "GHSA-8gqr-f87p-7vm9",
  "modified": "2022-05-13T01:02:36Z",
  "published": "2022-05-13T01:02:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0875"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8H56-G83Q-FFR3

Vulnerability from github – Published: 2025-09-16 21:31 – Updated: 2025-09-22 21:30
VLAI
Details

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34183"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T20:15:34Z",
    "severity": "CRITICAL"
  },
  "details": "Ilevia EVE X1 Server version \u2264 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse.",
  "id": "GHSA-8h56-g83q-ffr3",
  "modified": "2025-09-22T21:30:17Z",
  "published": "2025-09-16T21:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34183"
    },
    {
      "type": "WEB",
      "url": "https://packetstorm.news/files/id/208700"
    },
    {
      "type": "WEB",
      "url": "https://www.ilevia.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/ilevia-eve-x1-server-credentials-leak-through-log-disclosure"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5957.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8H93-8V8G-JQM4

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48
VLAI
Details

Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-23T16:15:00Z",
    "severity": "LOW"
  },
  "details": "Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization\u0027s security program. The issue has since been fixed in version 31 of the Automox Agent.",
  "id": "GHSA-8h93-8v8g-jqm4",
  "modified": "2022-05-24T17:48:42Z",
  "published": "2022-05-24T17:48:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26908"
    },
    {
      "type": "WEB",
      "url": "https://community.automox.com/t/cve-2021-26908-and-cve-201-26909-automox-agent-information-disclosure-vulnerabilities-fixed/1955"
    },
    {
      "type": "WEB",
      "url": "https://www.rapid7.com/blog/post/2021/04/13/cve-2021-26908-and-cve-2021-26909-automox-agent-information-disclosure-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8JMQ-M9FV-QR74

Vulnerability from github – Published: 2022-05-14 02:59 – Updated: 2022-05-14 02:59
VLAI
Details

An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11716"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-16T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.",
  "id": "GHSA-8jmq-m9fv-qr74",
  "modified": "2022-05-14T02:59:22Z",
  "published": "2022-05-14T02:59:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11716"
    },
    {
      "type": "WEB",
      "url": "https://blog.netxp.fr/manageengine-deep-exploitation"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/products/desktop-central/vulnerability-in-log-files.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8JPP-7P79-W764

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2024-04-04 01:00
VLAI
Details

Cloud Foundry BOSH 267.x versions prior to v267.14.0, and BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11271"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522",
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-19T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "Cloud Foundry BOSH 267.x versions prior to v267.14.0, and BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.",
  "id": "GHSA-8jpp-7p79-w764",
  "modified": "2024-04-04T01:00:59Z",
  "published": "2022-05-24T16:48:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11271"
    },
    {
      "type": "WEB",
      "url": "https://www.cloudfoundry.org/blog/cve-2019-11271"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M88-R8CJ-F72F

Vulnerability from github – Published: 2022-12-19 21:30 – Updated: 2022-12-23 21:30
VLAI
Details

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-19T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.",
  "id": "GHSA-8m88-r8cj-f72f",
  "modified": "2022-12-23T21:30:19Z",
  "published": "2022-12-19T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43887"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6841801"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8MJG-8C8G-6H85

Vulnerability from github – Published: 2023-02-06 23:27 – Updated: 2024-05-20 19:26
VLAI
Summary
Kubernetes Sensitive Information leak via Log File
Details

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kubernetes/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.19.0"
            },
            {
              "fixed": "1.19.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kubernetes/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.18.0"
            },
            {
              "fixed": "1.18.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kubernetes/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.17.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.20.0-alpha.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-8564"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-06T23:27:00Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects \u003c v1.19.3, \u003c v1.18.10, \u003c v1.17.13.",
  "id": "GHSA-8mjg-8c8g-6h85",
  "modified": "2024-05-20T19:26:49Z",
  "published": "2023-02-06T23:27:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8564"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/95622"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/pull/94712"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/commit/11793434dac97a49bfed0150b56ac63e5dc34634"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubernetes/kubernetes"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2021-0066"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210122-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Kubernetes Sensitive Information leak via Log File"
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.