Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1739 vulnerabilities reference this CWE, most recent first.

GHSA-93F3-23RQ-PJFP

Vulnerability from github – Published: 2020-07-07 18:56 – Updated: 2022-08-10 23:59
VLAI
Summary
npm CLI exposing sensitive information through logs
Details

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "npm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.14.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15095"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-07-07T18:30:59Z",
    "nvd_published_at": "2020-07-07T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `\u003cprotocol\u003e://[\u003cuser\u003e[:\u003cpassword\u003e]@]\u003chostname\u003e[:\u003cport\u003e][:][/]\u003cpath\u003e`. The password value is not redacted and is printed to stdout and also to any generated log files.",
  "id": "GHSA-93f3-23rq-pjfp",
  "modified": "2022-08-10T23:59:40Z",
  "published": "2020-07-07T18:56:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15095"
    },
    {
      "type": "WEB",
      "url": "https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202101-07"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "npm CLI exposing sensitive information through logs"
}

GHSA-93F7-XVXJ-XH3R

Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2024-04-04 01:21
VLAI
Details

Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-23T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.",
  "id": "GHSA-93f7-xvxj-xh3r",
  "modified": "2024-04-04T01:21:52Z",
  "published": "2022-05-24T16:51:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11273"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/CVE-2019-11273"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-93FQ-2C5R-CJ4M

Vulnerability from github – Published: 2023-05-02 09:30 – Updated: 2024-04-04 03:46
VLAI
Details

Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-02T09:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Transmission of credentials within query parameters in Checkmk \u003c= 2.1.0p26, \u003c= 2.0.0p35, and \u003c= 2.2.0b6 (beta) may cause the automation user\u0027s secret to be written to the site Apache access log.",
  "id": "GHSA-93fq-2c5r-cj4m",
  "modified": "2024-04-04T03:46:29Z",
  "published": "2023-05-02T09:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31207"
    },
    {
      "type": "WEB",
      "url": "https://checkmk.com/werk/15189"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-93H4-P6C6-58PW

Vulnerability from github – Published: 2026-06-10 00:31 – Updated: 2026-06-10 00:31
VLAI
Details

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9735"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T23:17:03Z",
    "severity": "MODERATE"
  },
  "details": "MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.",
  "id": "GHSA-93h4-p6c6-58pw",
  "modified": "2026-06-10T00:31:50Z",
  "published": "2026-06-10T00:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9735"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-126506"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-93QW-8CMP-CW56

Vulnerability from github – Published: 2022-05-27 00:01 – Updated: 2022-06-08 00:00
VLAI
Details

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20809"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-26T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
  "id": "GHSA-93qw-8cmp-cw56",
  "modified": "2022-06-08T00:00:55Z",
  "published": "2022-05-27T00:01:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20809"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-942G-2QF9-83FP

Vulnerability from github – Published: 2022-05-17 03:01 – Updated: 2022-05-17 03:01
VLAI
Details

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-0296"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-01T20:59:00Z",
    "severity": "LOW"
  },
  "details": "IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.",
  "id": "GHSA-942g-2qf9-83fp",
  "modified": "2022-05-17T03:01:52Z",
  "published": "2022-05-17T03:01:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0296"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21993213"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94213"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-94WV-J3JC-G3FM

Vulnerability from github – Published: 2024-11-05 12:31 – Updated: 2024-11-05 12:31
VLAI
Details

Vulnerability of improper log printing in the Super Home Screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-51528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-05T10:21:15Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability of improper log printing in the Super Home Screen module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.",
  "id": "GHSA-94wv-j3jc-g3fm",
  "modified": "2024-11-05T12:31:03Z",
  "published": "2024-11-05T12:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51528"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2024/11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-95V7-JV4X-23WW

Vulnerability from github – Published: 2022-02-11 00:01 – Updated: 2025-10-31 12:30
VLAI
Details

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22939"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-04T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.",
  "id": "GHSA-95v7-jv4x-23ww",
  "modified": "2025-10-31T12:30:20Z",
  "published": "2022-02-11T00:01:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22939"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0003.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-96MV-8MP2-5CWQ

Vulnerability from github – Published: 2022-07-13 00:01 – Updated: 2022-07-17 00:00
VLAI
Details

Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33688"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-12T14:15:00Z",
    "severity": "LOW"
  },
  "details": "Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.",
  "id": "GHSA-96mv-8mp2-5cwq",
  "modified": "2022-07-17T00:00:45Z",
  "published": "2022-07-13T00:01:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33688"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-96VC-522P-F5F2

Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34
VLAI
Details

Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T18:15:47Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network.",
  "id": "GHSA-96vc-522p-f5f2",
  "modified": "2025-04-08T18:34:45Z",
  "published": "2025-04-08T18:34:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25002"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.