CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1739 vulnerabilities reference this CWE, most recent first.
GHSA-C4W9-XPCR-FXJJ
Vulnerability from github – Published: 2026-01-17 03:30 – Updated: 2026-02-02 18:31In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system.
{
"affected": [],
"aliases": [
"CVE-2026-0519"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-17T02:15:49Z",
"severity": "MODERATE"
},
"details": "In Secure Access 12.70 and prior to 14.20, the logging \nsubsystem may write an unredacted authentication token to logs under \ncertain configurations. Any party with access to those logs could read \nthe token and reuse it to access an integrated system.",
"id": "GHSA-c4w9-xpcr-fxjj",
"modified": "2026-02-02T18:31:30Z",
"published": "2026-01-17T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0519"
},
{
"type": "WEB",
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-0519"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-C527-HCF9-M2FF
Vulnerability from github – Published: 2024-06-14 06:34 – Updated: 2024-07-04 06:35The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.
{
"affected": [],
"aliases": [
"CVE-2024-27157"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-14T04:15:26Z",
"severity": "MODERATE"
},
"details": "The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.",
"id": "GHSA-c527-hcf9-m2ff",
"modified": "2024-07-04T06:35:03Z",
"published": "2024-06-14T06:34:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27157"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/20240531_01.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C57P-3V2G-W9RG
Vulnerability from github – Published: 2022-05-14 01:17 – Updated: 2024-02-21 21:32Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
This issue was fixed in Apache Tomcat 7.0.17 but the release votes for the 7.0.17 and 7.0.18 release candidates did not pass. Therefore, users must download 7.0.19 to obtain a version that includes a fix.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "5.5.0"
},
{
"fixed": "5.5.34"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.33"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.19"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2011-2204"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-13T17:26:44Z",
"nvd_published_at": "2011-06-29T17:55:00Z",
"severity": "MODERATE"
},
"details": "Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.\n\nThis issue was fixed in Apache Tomcat 7.0.17 but the release votes for the 7.0.17 and 7.0.18 release candidates did not pass. Therefore, users must download 7.0.19 to obtain a version that includes a fix.",
"id": "GHSA-c57p-3v2g-w9rg",
"modified": "2024-02-21T21:32:35Z",
"published": "2022-05-14T01:17:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2204"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/763a56b45999653ce648a18462b8a826809215b1"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat55/commit/8b81c8c869987e35deed04993ecfcf7be27ca298"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2011:1845"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=717013"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68238"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20110711083618/http://securitytracker.com/id?1025712"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5130"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2012/dsa-2401"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Insertion of Sensitive Information into Log File in Apache Tomcat"
}
GHSA-C5Q2-C79J-WQC2
Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-19 00:01Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log
{
"affected": [],
"aliases": [
"CVE-2022-25829"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-10T17:47:00Z",
"severity": "LOW"
},
"details": "Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log",
"id": "GHSA-c5q2-c79j-wqc2",
"modified": "2022-03-19T00:01:31Z",
"published": "2022-03-11T00:02:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25829"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C5QX-P38X-QF5W
Vulnerability from github – Published: 2025-07-21 19:19 – Updated: 2025-07-21 19:19Summary
Log output includes authentication token that provides full account access
Details
The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves authentication tokes for the associated steam accounts publicly available. Additionally, userdata/$user_id$/config/localconfig.vdf contains potentially sensitive information which should not be included in public logs.
PoC
Use the following workflow step
steps:
- name: Setup SteamCMD
uses: buildalon/setup-steamcmd@v1.0.4
- name: Sign into steam
shell: bash
run: |
steamcmd +login ${{ secrets.WORKSHOP_USERNAME }} ${{ secrets.WORKSHOP_PASSWORD }} +quit
Impact
Anyone who has used this workflow action with a steam account is affected and has had valid authentication tokens leaked in the job logs. This is particularly bad for public repositories, as anyone with a GitHub account can access the logs and view the token.
{
"affected": [
{
"package": {
"ecosystem": "GitHub Actions",
"name": "RageAgainstThePixel/setup-steamcmd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-21T19:19:03Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nLog output includes authentication token that provides full account access\n\n### Details\nThe post job action prints the contents of `config/config.vdf` which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves authentication tokes for the associated steam accounts publicly available. Additionally, `userdata/$user_id$/config/localconfig.vdf` contains potentially sensitive information which should not be included in public logs.\n\n### PoC\nUse the following workflow step\n```\nsteps:\n - name: Setup SteamCMD\n uses: buildalon/setup-steamcmd@v1.0.4\n\n - name: Sign into steam\n shell: bash\n run: |\n steamcmd +login ${{ secrets.WORKSHOP_USERNAME }} ${{ secrets.WORKSHOP_PASSWORD }} +quit\n```\n\n### Impact\nAnyone who has used this workflow action with a steam account is affected and has had valid authentication tokens leaked in the job logs. This is particularly bad for public repositories, as anyone with a GitHub account can access the logs and view the token.",
"id": "GHSA-c5qx-p38x-qf5w",
"modified": "2025-07-21T19:19:03Z",
"published": "2025-07-21T19:19:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/RageAgainstThePixel/setup-steamcmd/security/advisories/GHSA-c5qx-p38x-qf5w"
},
{
"type": "WEB",
"url": "https://github.com/RageAgainstThePixel/setup-steamcmd/commit/3e4e408e73bdd46822f1147b45eeeab050fd1ead"
},
{
"type": "PACKAGE",
"url": "https://github.com/RageAgainstThePixel/setup-steamcmd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs"
}
GHSA-C5X3-P9MJ-9GV6
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files.
{
"affected": [],
"aliases": [
"CVE-2021-21597"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-10T19:15:00Z",
"severity": "LOW"
},
"details": "Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files.",
"id": "GHSA-c5x3-p9mj-9gv6",
"modified": "2022-05-24T19:10:31Z",
"published": "2022-05-24T19:10:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21597"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/000189543"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-C6QC-PM8W-2WMG
Vulnerability from github – Published: 2024-01-22 21:31 – Updated: 2024-01-22 21:31In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.
{
"affected": [],
"aliases": [
"CVE-2024-23677"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-22T21:15:10Z",
"severity": "MODERATE"
},
"details": "In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.",
"id": "GHSA-c6qc-pm8w-2wmg",
"modified": "2024-01-22T21:31:07Z",
"published": "2024-01-22T21:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23677"
},
{
"type": "WEB",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0107"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C73F-5R3F-RR6V
Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
{
"affected": [],
"aliases": [
"CVE-2019-16203"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-05T16:15:00Z",
"severity": "MODERATE"
},
"details": "Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.",
"id": "GHSA-c73f-5r3f-rr6v",
"modified": "2022-05-24T17:08:02Z",
"published": "2022-05-24T17:08:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16203"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200511-0008"
},
{
"type": "WEB",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-C7JR-PF92-3RQ5
Vulnerability from github – Published: 2022-08-13 00:00 – Updated: 2022-08-17 00:00In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205130113
{
"affected": [],
"aliases": [
"CVE-2022-20278"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-12T15:15:00Z",
"severity": "MODERATE"
},
"details": "In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205130113",
"id": "GHSA-c7jr-pf92-3rq5",
"modified": "2022-08-17T00:00:32Z",
"published": "2022-08-13T00:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20278"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C7VR-4QG5-Q9V7
Vulnerability from github – Published: 2023-02-20 18:30 – Updated: 2023-03-03 18:30Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file.
{
"affected": [],
"aliases": [
"CVE-2022-48319"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-20T17:15:00Z",
"severity": "MODERATE"
},
"details": "Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29\u0027s Checkmk \u003c= 2.1.0p13, Checkmk \u003c= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file.",
"id": "GHSA-c7vr-4qg5-q9v7",
"modified": "2023-03-03T18:30:25Z",
"published": "2023-02-20T18:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48319"
},
{
"type": "WEB",
"url": "https://checkmk.com/werk/14916"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.