Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1739 vulnerabilities reference this CWE, most recent first.

GHSA-8P36-QQPP-QH28

Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30
VLAI
Details

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-62208"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-11T18:15:47Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.",
  "id": "GHSA-8p36-qqpp-qh28",
  "modified": "2025-11-11T18:30:23Z",
  "published": "2025-11-11T18:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62208"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62208"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8P78-MRGJ-HW73

Vulnerability from github – Published: 2024-06-06 00:30 – Updated: 2024-07-18 21:30
VLAI
Details

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-06T00:15:09Z",
    "severity": "HIGH"
  },
  "details": "Under certain circumstances the Microsoft\u00ae Internet Information Server (IIS) used to host the C\u2022CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C\u2022CURE 9000 or prior versions",
  "id": "GHSA-8p78-mrgj-hw73",
  "modified": "2024-07-18T21:30:36Z",
  "published": "2024-06-06T00:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0912"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03"
    },
    {
      "type": "WEB",
      "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8P8H-W59Q-XF45

Vulnerability from github – Published: 2024-02-21 00:31 – Updated: 2024-09-04 18:30
VLAI
Details

An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-20T23:15:07Z",
    "severity": "HIGH"
  },
  "details": "An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file.",
  "id": "GHSA-8p8h-w59q-xf45",
  "modified": "2024-09-04T18:30:48Z",
  "published": "2024-02-21T00:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23758"
    },
    {
      "type": "WEB",
      "url": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=70"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PC2-WCC6-JG3P

Vulnerability from github – Published: 2023-07-19 03:30 – Updated: 2024-04-04 06:16
VLAI
Details

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-19T02:15:09Z",
    "severity": "HIGH"
  },
  "details": "Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks.  IBM X-Force ID:  247896.",
  "id": "GHSA-8pc2-wcc6-jg3p",
  "modified": "2024-04-04T06:16:51Z",
  "published": "2023-07-19T03:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26023"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247896"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6999351"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PC7-RGGG-XW6R

Vulnerability from github – Published: 2022-05-17 03:40 – Updated: 2022-05-17 03:40
VLAI
Details

The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-5432"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-03T18:59:00Z",
    "severity": "LOW"
  },
  "details": "The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.",
  "id": "GHSA-8pc7-rggg-xw6r",
  "modified": "2022-05-17T03:40:37Z",
  "published": "2022-05-17T03:40:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5432"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2016:1967"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2016-5432"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1967.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92694"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8QP7-FHR9-FW53

Vulnerability from github – Published: 2026-03-05 00:23 – Updated: 2026-03-09 15:46
VLAI
Summary
@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass
Details

Impact

A malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs.

The attack requires: - The ability to register a template in the catalog - A victim who executes the malicious template

Patches

Patched in @backstage/plugin-scaffolder-backend version 3.1.4

Workarounds

  • Implement a custom permission policy that restricts scaffolder.task.read so users can only read their own task logs
  • Restrict who can register templates in the catalog to trusted users only

Resources

  • Backstage Scaffolder permissions documentation: https://backstage.io/docs/permissions/plugin-authors/01-setup/
  • Backstage Threat Model: https://backstage.io/docs/overview/threat-model/
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.1.3"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@backstage/plugin-scaffolder-backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-29184"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-05T00:23:51Z",
    "nvd_published_at": "2026-03-07T15:15:55Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nA malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs.\n\nThe attack requires:\n  - The ability to register a template in the catalog\n  - A victim who executes the malicious template\n\n### Patches\n  Patched in `@backstage/plugin-scaffolder-backend` version 3.1.4\n\n### Workarounds\n  - Implement a custom permission policy that restricts scaffolder.task.read so users can only read their own task logs\n  - Restrict who can register templates in the catalog to trusted users only\n\n### Resources\n  - Backstage Scaffolder permissions documentation: https://backstage.io/docs/permissions/plugin-authors/01-setup/\n  - Backstage Threat Model: https://backstage.io/docs/overview/threat-model/",
  "id": "GHSA-8qp7-fhr9-fw53",
  "modified": "2026-03-09T15:46:58Z",
  "published": "2026-03-05T00:23:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/backstage/backstage/security/advisories/GHSA-8qp7-fhr9-fw53"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29184"
    },
    {
      "type": "WEB",
      "url": "https://backstage.io/docs/overview/threat-model"
    },
    {
      "type": "WEB",
      "url": "https://backstage.io/docs/permissions/plugin-authors/01-setup"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/backstage/backstage"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass"
}

GHSA-8R33-Q5J5-RH7G

Vulnerability from github – Published: 2024-02-08 00:32 – Updated: 2024-11-18 16:26
VLAI
Summary
APM Server vulnerable to Insertion of Sensitive Information into Log File
Details

An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/elastic/apm-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.12.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-23448"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-16T23:18:07Z",
    "nvd_published_at": "2024-02-07T22:15:09Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.",
  "id": "GHSA-8r33-q5j5-rh7g",
  "modified": "2024-11-18T16:26:36Z",
  "published": "2024-02-08T00:32:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23448"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/elastic/apm-server"
    },
    {
      "type": "WEB",
      "url": "https://www.elastic.co/community/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "APM Server vulnerable to Insertion of Sensitive Information into Log File"
}

GHSA-8R3P-HRM4-G839

Vulnerability from github – Published: 2025-10-27 15:30 – Updated: 2025-10-27 15:30
VLAI
Details

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11248"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-27T13:15:42Z",
    "severity": "LOW"
  },
  "details": "ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token.",
  "id": "GHSA-8r3p-hrm4-g839",
  "modified": "2025-10-27T15:30:40Z",
  "published": "2025-10-27T15:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11248"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/products/desktop-central/CVE-2025-11248.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8R3W-82FQ-GWGP

Vulnerability from github – Published: 2026-07-09 12:30 – Updated: 2026-07-10 18:32
VLAI
Details

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure.  The application stores potentially sensitive information in log files that could be read by a local user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-09T10:16:27Z",
    "severity": "MODERATE"
  },
  "details": "HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. \u00a0The application stores potentially sensitive information in log files that could be read by a local user.",
  "id": "GHSA-8r3w-82fq-gwgp",
  "modified": "2026-07-10T18:32:08Z",
  "published": "2026-07-09T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56459"
    },
    {
      "type": "WEB",
      "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0131696"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8R55-RV5W-6PFM

Vulnerability from github – Published: 2026-02-24 12:31 – Updated: 2026-02-25 19:21
VLAI
Summary
Apache Airflow exposes sensitive information in its log files
Details

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. Users who previously used the CLI to set connections should manually delete entries with those connection sensitive values from the log table. This is similar but not the same issue as CVE-2024-50378

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-27555"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-201",
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-25T19:21:33Z",
    "nvd_published_at": "2026-02-24T10:16:02Z",
    "severity": "MODERATE"
  },
  "details": "Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. Users who previously used the CLI to set connections should manually delete entries with those connection sensitive values from the log table. This is similar but not the same issue as CVE-2024-50378",
  "id": "GHSA-8r55-rv5w-6pfm",
  "modified": "2026-02-25T19:21:33Z",
  "published": "2026-02-24T12:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27555"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/61882"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/nxovkp319jo8vg498gql1yswtb2frbkw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Airflow exposes sensitive information in its log files"
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.