CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1739 vulnerabilities reference this CWE, most recent first.
GHSA-8R79-689G-CPR3
Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.
{
"affected": [],
"aliases": [
"CVE-2018-3828"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-19T19:29:00Z",
"severity": "HIGH"
},
"details": "Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.",
"id": "GHSA-8r79-689g-cpr3",
"modified": "2022-05-13T01:32:16Z",
"published": "2022-05-13T01:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3828"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"
},
{
"type": "WEB",
"url": "https://www.elastic.co/community/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8RC9-2785-687M
Vulnerability from github – Published: 2023-09-12 00:30 – Updated: 2023-11-01 00:30A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. An app may be able to read sensitive location information.
{
"affected": [],
"aliases": [
"CVE-2023-40442"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-12T00:15:09Z",
"severity": "LOW"
},
"details": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. An app may be able to read sensitive location information.",
"id": "GHSA-8rc9-2785-687m",
"modified": "2023-11-01T00:30:48Z",
"published": "2023-09-12T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40442"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213842"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213844"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213845"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213841"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8RRQ-WCG8-CV5Q
Vulnerability from github – Published: 2026-05-18 17:56 – Updated: 2026-06-09 10:57Summary
OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis systems.
Details
In pkg/ebpf/common/redis_detect_transform.go, getRedisError trims the raw error buffer and stores it directly in request.DBError.Description.
Later, pkg/appolly/app/request/span.go returns that description as the exported status message for Redis spans whenever the span status is non-zero.
There is no opt-in control or sanitization beyond CRLF trimming. As a result, raw Redis error text becomes part of OTLP-exported status metadata by default.
PoC
Local request-layer testing recorded a status message containing ERR invalid password for user bob secret=TOPSECRET, which shows that unfiltered Redis error text reaches the exported status message.
Use a vulnerable build:
git checkout v0.0.0-rc.1+build
make build
Start Redis and OBI:
docker run --rm -p 6379:6379 redis:7
sudo ./bin/obi
Send a command that causes Redis to return an error containing caller-supplied text:
redis-cli -p 6379 'NOTACMD my-secret-token-123'
Capture the exported span or inspect the local telemetry output. On a vulnerable build, the span status message contains the Redis error text, including the supplied command fragment. This demonstrates that raw Redis error text is exported into telemetry by default and that values embedded in that text, including data supplied unintentionally by a caller, can be carried into tracing systems.
Impact
This is an information disclosure and telemetry injection issue. It affects any deployment that traces Redis traffic and exports spans to collectors, logs, or dashboards. Sensitive values, tokens, or PII present in Redis error text can be exfiltrated into telemetry systems, and untrusted text can contaminate downstream analysis.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "go.opentelemetry.io/obi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-45679"
],
"database_specific": {
"cwe_ids": [
"CWE-117",
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-18T17:56:15Z",
"nvd_published_at": "2026-06-02T16:16:42Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nOBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis systems.\n\n### Details\n\nIn [pkg/ebpf/common/redis_detect_transform.go](https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/blob/4f35facce2fe611319672595838ab875490f404d/pkg/components/ebpf/common/redis_detect_transform.go#L60-L74), `getRedisError` trims the raw error buffer and stores it directly in `request.DBError.Description`.\n\nLater, [pkg/appolly/app/request/span.go](https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/blob/4f35facce2fe611319672595838ab875490f404d/pkg/app/request/span.go#L347-L352) returns that description as the exported status message for Redis spans whenever the span status is non-zero.\n\nThere is no opt-in control or sanitization beyond CRLF trimming. As a result, raw Redis error text becomes part of OTLP-exported status metadata by default.\n\n### PoC\n\nLocal request-layer testing recorded a status message containing `ERR invalid password for user bob secret=TOPSECRET`, which shows that unfiltered Redis error text reaches the exported status message.\n\nUse a vulnerable build:\n\n```bash\ngit checkout v0.0.0-rc.1+build\nmake build\n```\n\nStart Redis and OBI:\n\n```bash\ndocker run --rm -p 6379:6379 redis:7\nsudo ./bin/obi\n```\n\nSend a command that causes Redis to return an error containing caller-supplied text:\n\n```bash\nredis-cli -p 6379 \u0027NOTACMD my-secret-token-123\u0027\n```\n\nCapture the exported span or inspect the local telemetry output. On a vulnerable build, the span status message contains the Redis error text, including the supplied command fragment. This demonstrates that raw Redis error text is exported into telemetry by default and that values embedded in that text, including data supplied unintentionally by a caller, can be carried into tracing systems.\n\n### Impact\n\nThis is an information disclosure and telemetry injection issue. It affects any deployment that traces Redis traffic and exports spans to collectors, logs, or dashboards. Sensitive values, tokens, or PII present in Redis error text can be exfiltrated into telemetry systems, and untrusted text can contaminate downstream analysis.",
"id": "GHSA-8rrq-wcg8-cv5q",
"modified": "2026-06-09T10:57:58Z",
"published": "2026-05-18T17:56:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-8rrq-wcg8-cv5q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45679"
},
{
"type": "PACKAGE",
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation"
},
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.9.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages"
}
GHSA-8RV8-VG5P-GRCR
Vulnerability from github – Published: 2023-10-10 15:30 – Updated: 2024-04-04 08:29When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2023-43485"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-10T13:15:21Z",
"severity": "MODERATE"
},
"details": "\nWhen TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-8rv8-vg5p-grcr",
"modified": "2024-04-04T08:29:16Z",
"published": "2023-10-10T15:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43485"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K06110200"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8VG2-WF3Q-MWV7
Vulnerability from github – Published: 2023-03-23 19:47 – Updated: 2023-03-31 16:08Summary
CWE-532: Insertion of Sensitive Information into Log File discovered in v9.23.1. The directus_refresh_token is not redacted properly from the log outputs and can be used to impersonate users without their permission.
Details
Using v9.23.1, I am seeing that the directus_refresh_token is not properly redacted as indicated by https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13
I'm classifying this as a security vulnerability because if someone has access to the log outputs, for example with a shared Cloud account or Splunk implementation, they could exchange the refresh token using /auth/refresh for an access token and use the token to perform actions on behalf of an unsuspecting user. This situation creates issues with accountability and non-repudiation because we can no longer have confidence that actions taken in the application were authorized or even performed by the logged-in user.
A couple of examples of this are: - A disgruntled employee deletes all of the data to get even with a target team member before logging off on their last day - Under the guise of their unsuspecting boss, a mischievous engineer uploads questionable images that get displayed on internal or external facing content sites
The list could go on but I think these communicate the risk of an internal threat that has access to this information 😆
PoC
- Set
LOG_STYLE="raw"and run Directus v9.23.1 - Log in to the application
-
Look at the shell output and see that
directus_refresh_tokenis logged > Note: This is different from the standardrawoutput format. I intentionally ran this withnpx directus start | pino-prettyso logs would be easier to read. It can also be reproduced by runningnpx directus startalone.
-
Exchange the
directus_refresh_tokenfor anaccess_tokenshell curl -X POST \ 'http://0.0.0.0:8055/auth/refresh' \ --header 'Accept: */*' \ --header 'Cookie: directus_refresh_token=$shh'
Impact
Because this can be used to exploit other threats related to CWE-284: Improper Access Control I rank it with a Moderate severity. An insider with knowledge of this could do many mischievous things and get away with them for a long time without victims knowing about it.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "directus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.23.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-28443"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-23T19:47:12Z",
"nvd_published_at": "2023-03-24T00:15:00Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nCWE-532: Insertion of Sensitive Information into Log File discovered in v9.23.1. The `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. \n\n### Details\n\nUsing `v9.23.1`, I am seeing that the `directus_refresh_token` is not properly redacted as indicated by https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13\n\nI\u0027m classifying this as a security vulnerability because if someone has access to the log outputs, for example with a shared Cloud account or Splunk implementation, they could exchange the refresh token using `/auth/refresh` for an access token and use the token to perform actions on behalf of an unsuspecting user. This situation creates issues with accountability and non-repudiation because we can no longer have confidence that actions taken in the application were authorized or even performed by the logged-in user. \n\nA couple of examples of this are:\n- A disgruntled employee deletes all of the data to get even with a target team member before logging off on their last day\n- Under the guise of their unsuspecting boss, a mischievous engineer uploads _questionable_ images that get displayed on internal or external facing content sites\n\nThe list could go on but I think these communicate the risk of an internal threat that has access to this information \ud83d\ude06 \n\n### PoC\n1. Set `LOG_STYLE=\"raw\"` and run Directus v9.23.1\n1. Log in to the application\n1. Look at the shell output and see that `directus_refresh_token` is logged\n \u003e Note: This is different from the standard `raw` output format. I intentionally ran this with `npx directus start | pino-pretty` so logs would be easier to read. It can also be reproduced by running `npx directus start` alone. \n\n \n\n1. Exchange the `directus_refresh_token` for an `access_token`\n\n ``` shell\n curl -X POST \\\n \u0027http://0.0.0.0:8055/auth/refresh\u0027 \\\n --header \u0027Accept: */*\u0027 \\\n --header \u0027Cookie: directus_refresh_token=$shh\u0027\n ```\n\n### Impact\nBecause this can be used to exploit other threats related to [CWE-284: Improper Access Control](https://cwe.mitre.org/data/definitions/284.html) I rank it with a Moderate severity. An insider with knowledge of this could do many mischievous things and get away with them for a long time without victims knowing about it. \n",
"id": "GHSA-8vg2-wf3q-mwv7",
"modified": "2023-03-31T16:08:10Z",
"published": "2023-03-23T19:47:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28443"
},
{
"type": "WEB",
"url": "https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc"
},
{
"type": "PACKAGE",
"url": "https://github.com/directus/directus"
},
{
"type": "WEB",
"url": "https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "directus vulnerable to Insertion of Sensitive Information into Log File"
}
GHSA-8VH8-VC28-M2HF
Vulnerability from github – Published: 2019-11-20 01:33 – Updated: 2022-02-11 21:12A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.undertow:undertow-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10212"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2019-11-19T02:49:57Z",
"nvd_published_at": "2019-10-02T19:15:00Z",
"severity": "CRITICAL"
},
"details": "A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user\u0027s credentials from the log files.",
"id": "GHSA-8vh8-vc28-m2hf",
"modified": "2022-02-11T21:12:59Z",
"published": "2019-11-20T01:33:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10212"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2998"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220210-0017"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Potential to access user credentials from the log files when debug logging enabled"
}
GHSA-8WF6-Q8C8-VQJ7
Vulnerability from github – Published: 2025-12-05 18:31 – Updated: 2025-12-05 18:31ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.
{
"affected": [],
"aliases": [
"CVE-2020-36876"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-05T18:15:53Z",
"severity": "HIGH"
},
"details": "ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver\u0027s Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.",
"id": "GHSA-8wf6-q8c8-vqj7",
"modified": "2025-12-05T18:31:12Z",
"published": "2025-12-05T18:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36876"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/48950"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/request-serious-play-f-media-server-debug-log-disclosure"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5600.php"
},
{
"type": "WEB",
"url": "http://request.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-8WPJ-W799-92RG
Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2025-05-30 18:30** DISPUTED ** An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability since the disclosure of a local account password (actually an alpha numeric passcode) is achievable only when a custom registry key is added to the windows registry. This action requires administrator access and the registry key is only provided by support staff at securenvoy to troubleshoot customer issues.
{
"affected": [],
"aliases": [
"CVE-2018-18466"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-21T16:00:00Z",
"severity": "HIGH"
},
"details": "** DISPUTED ** An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability since the disclosure of a local account password (actually an alpha numeric passcode) is achievable only when a custom registry key is added to the windows registry. This action requires administrator access and the registry key is only provided by support staff at securenvoy to troubleshoot customer issues.",
"id": "GHSA-8wpj-w799-92rg",
"modified": "2025-05-30T18:30:34Z",
"published": "2022-05-13T01:19:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18466"
},
{
"type": "WEB",
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2018-18466"
},
{
"type": "WEB",
"url": "https://www.excellium-services.com/cert-xlm-advisory"
},
{
"type": "WEB",
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-18466"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8X72-PG98-VRF2
Vulnerability from github – Published: 2025-10-31 12:30 – Updated: 2025-10-31 21:31A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.
{
"affected": [],
"aliases": [
"CVE-2025-40603"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-31T11:15:34Z",
"severity": "MODERATE"
},
"details": "A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.",
"id": "GHSA-8x72-pg98-vrf2",
"modified": "2025-10-31T21:31:00Z",
"published": "2025-10-31T12:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40603"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0017"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-93F2-XP2G-GQXP
Vulnerability from github – Published: 2022-05-03 00:01 – Updated: 2022-05-03 00:01An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
{
"affected": [],
"aliases": [
"CVE-2017-2621"
],
"database_specific": {
"cwe_ids": [
"CWE-532",
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-27T18:29:00Z",
"severity": "MODERATE"
},
"details": "An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.",
"id": "GHSA-93f2-xp2g-gqxp",
"modified": "2022-05-03T00:01:26Z",
"published": "2022-05-03T00:01:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2621"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1243"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1464"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2017-2621"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420990"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96280"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.