CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1739 vulnerabilities reference this CWE, most recent first.
GHSA-99QF-MR8W-29QW
Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-19 00:01Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log
{
"affected": [],
"aliases": [
"CVE-2022-25828"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-10T17:47:00Z",
"severity": "LOW"
},
"details": "Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log",
"id": "GHSA-99qf-mr8w-29qw",
"modified": "2022-03-19T00:01:32Z",
"published": "2022-03-11T00:02:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25828"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9C2P-JFMW-FGW7
Vulnerability from github – Published: 2022-08-19 00:00 – Updated: 2022-08-24 00:00** DISPUTED ** An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness.
{
"affected": [],
"aliases": [
"CVE-2022-29550"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-18T13:15:00Z",
"severity": "HIGH"
},
"details": "** DISPUTED ** An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes \"ps auxwwe\" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness.",
"id": "GHSA-9c2p-jfmw-fgw7",
"modified": "2022-08-24T00:00:31Z",
"published": "2022-08-19T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29550"
},
{
"type": "WEB",
"url": "https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux"
},
{
"type": "WEB",
"url": "https://blog.qualys.com/vulnerabilities-threat-research"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Sep/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9C9H-VR4P-FJQ2
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:03All versions of unity-scope-gdrive logs search terms to syslog.
{
"affected": [],
"aliases": [
"CVE-2015-1343"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-22T16:29:00Z",
"severity": "MODERATE"
},
"details": "All versions of unity-scope-gdrive logs search terms to syslog.",
"id": "GHSA-9c9h-vr4p-fjq2",
"modified": "2024-04-04T00:03:15Z",
"published": "2022-05-24T16:44:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1343"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/unity-scope-gdrive/+bug/1509076"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9CCM-QCM5-WRX4
Vulnerability from github – Published: 2022-05-17 00:22 – Updated: 2022-05-17 00:22Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
{
"affected": [],
"aliases": [
"CVE-2017-1000171"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-03T18:29:00Z",
"severity": "CRITICAL"
},
"details": "Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.",
"id": "GHSA-9ccm-qcm5-wrx4",
"modified": "2022-05-17T00:22:01Z",
"published": "2022-05-17T00:22:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000171"
},
{
"type": "WEB",
"url": "https://github.com/MaharaProject/mahara-mobile/issues/33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9CXC-M8XM-7C7X
Vulnerability from github – Published: 2024-09-12 15:33 – Updated: 2024-10-02 15:30Possible Insertion of Sensitive Information into Log File Vulnerability
in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impact version before 1.1.2.0200.
{
"affected": [],
"aliases": [
"CVE-2022-26322"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-12T13:15:10Z",
"severity": "MODERATE"
},
"details": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin Identity Manager has been discovered in\nOpenText\u2122 \nIdentity Manager REST Driver. This impact version before 1.1.2.0200.",
"id": "GHSA-9cxc-m8xm-7c7x",
"modified": "2024-10-02T15:30:36Z",
"published": "2024-09-12T15:33:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26322"
},
{
"type": "WEB",
"url": "https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9F54-6R7J-3HPH
Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2022-04-30 18:18The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
{
"affected": [],
"aliases": [
"CVE-2001-1556"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2001-12-31T05:00:00Z",
"severity": "MODERATE"
},
"details": "The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.",
"id": "GHSA-9f54-6r7j-3hph",
"modified": "2022-04-30T18:18:18Z",
"published": "2022-04-30T18:18:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1556"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html"
},
{
"type": "WEB",
"url": "http://httpd.apache.org/docs/logs.html"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/7363.php"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9F7J-84Q4-6VJ2
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2025-03-11 18:31A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, iOS 15.7.3 and iPadOS 15.7.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. An app may be able to access information about a user’s contacts.
{
"affected": [],
"aliases": [
"CVE-2023-23505"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-27T20:15:00Z",
"severity": "LOW"
},
"details": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, iOS 15.7.3 and iPadOS 15.7.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. An app may be able to access information about a user\u2019s contacts.",
"id": "GHSA-9f7j-84q4-6vj2",
"modified": "2025-03-11T18:31:57Z",
"published": "2023-07-06T19:24:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23505"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213598"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213599"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213603"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213604"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213605"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213606"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9FC5-Q5GF-F5CP
Vulnerability from github – Published: 2023-07-12 15:30 – Updated: 2024-04-04 06:04In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
{
"affected": [],
"aliases": [
"CVE-2023-38067"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-12T13:15:09Z",
"severity": "MODERATE"
},
"details": "In JetBrains TeamCity before 2023.05.1 build parameters of the \"password\" type could be written to the agent log",
"id": "GHSA-9fc5-q5gf-f5cp",
"modified": "2024-04-04T06:04:14Z",
"published": "2023-07-12T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38067"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9FGP-XGX7-GPX6
Vulnerability from github – Published: 2022-08-26 00:03 – Updated: 2022-09-01 00:00A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore
{
"affected": [],
"aliases": [
"CVE-2022-23715"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-25T18:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore",
"id": "GHSA-9fgp-xgx7-gpx6",
"modified": "2022-09-01T00:00:21Z",
"published": "2022-08-26T00:03:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23715"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825"
},
{
"type": "WEB",
"url": "https://www.elastic.co/community/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9FW7-MCQ9-GHF3
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords.
{
"affected": [],
"aliases": [
"CVE-2018-1072"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-26T18:29:00Z",
"severity": "CRITICAL"
},
"details": "ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options \"--provision*db\", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords.",
"id": "GHSA-9fw7-mcq9-ghf3",
"modified": "2022-05-13T01:33:34Z",
"published": "2022-05-13T01:33:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1072"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2071"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1072"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.