Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1742 vulnerabilities reference this CWE, most recent first.

GHSA-CQGV-256R-M9R8

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-06-23 17:58
VLAI
Summary
Insertion of Sensitive Information into Log File in Elasticsearch
Details

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.8.13"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.elasticsearch:elasticsearch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.8.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 7.0.9"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.elasticsearch:elasticsearch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-23T17:58:18Z",
    "nvd_published_at": "2021-02-10T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.",
  "id": "GHSA-cqgv-256r-m9r8",
  "modified": "2022-06-23T17:58:18Z",
  "published": "2022-05-24T17:41:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7021"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/elastic/elasticsearch"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210319-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insertion of Sensitive Information into Log File in Elasticsearch"
}

GHSA-CQGV-GR59-9QF6

Vulnerability from github – Published: 2025-07-18 00:30 – Updated: 2026-02-02 15:30
VLAI
Details

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6391"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-17T22:15:26Z",
    "severity": "HIGH"
  },
  "details": "Brocade ASCG before 3.3.0 logs JSON \nWeb Tokens (JWT) in log files. An attacker with access to the log files \n can withdraw the unencrypted tokens with security implications, such as\n unauthorized access, session hijacking, and information disclosure.",
  "id": "GHSA-cqgv-gr59-9qf6",
  "modified": "2026-02-02T15:30:32Z",
  "published": "2025-07-18T00:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6391"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35951"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CR9W-99VR-7F2H

Vulnerability from github – Published: 2023-10-03 15:30 – Updated: 2024-04-04 08:11
VLAI
Details

Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3349"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-03T14:15:10Z",
    "severity": "HIGH"
  },
  "details": "Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.",
  "id": "GHSA-cr9w-99vr-7f2h",
  "modified": "2024-04-04T08:11:15Z",
  "published": "2023-10-03T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3349"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CRHR-QQJ8-RPXC

Vulnerability from github – Published: 2026-03-07 09:30 – Updated: 2026-03-09 18:19
VLAI
Summary
Apache ZooKeeper has improper handling of configuration values
Details

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential production systems affected by the issue. Users are recommended to upgrade to version 3.8.6 or 3.9.5 which fixes this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.zookeeper:zookeeper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.9.0"
            },
            {
              "fixed": "3.9.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.zookeeper:zookeeper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.8.0"
            },
            {
              "fixed": "3.8.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-24308"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-09T18:19:16Z",
    "nvd_published_at": "2026-03-07T09:16:07Z",
    "severity": "HIGH"
  },
  "details": "Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client\u0027s logfile. Configuration values are exposed at INFO level logging rendering potential production systems affected by the issue.\u00a0Users are recommended to upgrade to version 3.8.6 or 3.9.5 which fixes this issue.",
  "id": "GHSA-crhr-qqj8-rpxc",
  "modified": "2026-03-09T18:19:16Z",
  "published": "2026-03-07T09:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24308"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/zookeeper"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/zookeeper/releases/tag/release-3.8.6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/zookeeper/releases/tag/release-3.9.5"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/qng3rtzv2pqkmko4rhv85jfplkyrgqdr"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/07/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache ZooKeeper has improper handling of configuration values"
}

GHSA-CRRM-JP94-W9FV

Vulnerability from github – Published: 2022-05-17 03:21 – Updated: 2022-05-17 03:21
VLAI
Details

Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-4443"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-14T18:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.",
  "id": "GHSA-crrm-jp94-w9fv",
  "modified": "2022-05-17T03:21:19Z",
  "published": "2022-05-17T03:21:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4443"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2016:1929"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2016-4443"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335106"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1929.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92751"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036863"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CV78-V957-JX34

Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-07-27 22:17
VLAI
Summary
Exposure of Sensitive Information in Gradle publish plugin
Details

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.gradle.publish:plugin-publish-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-27T22:17:45Z",
    "nvd_published_at": "2020-03-30T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own.",
  "id": "GHSA-cv78-v957-jx34",
  "modified": "2022-07-27T22:17:45Z",
  "published": "2022-05-24T17:12:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7599"
    },
    {
      "type": "WEB",
      "url": "https://blog.gradle.org/plugin-portal-update"
    },
    {
      "type": "WEB",
      "url": "https://plugins.gradle.org/plugin/com.gradle.plugin-publish"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Exposure of Sensitive Information in Gradle publish plugin"
}

GHSA-CVJJ-FXM4-8Q63

Vulnerability from github – Published: 2026-03-27 15:30 – Updated: 2026-03-27 15:30
VLAI
Details

Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11604"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-27T15:16:42Z",
    "severity": "HIGH"
  },
  "details": "Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000.",
  "id": "GHSA-cvjj-fxm4-8q63",
  "modified": "2026-03-27T15:30:25Z",
  "published": "2026-03-27T15:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11604"
    },
    {
      "type": "WEB",
      "url": "https://www.netiq.com/documentation/identity-manager-48-drivers/SCIMDriver1.0.1.0400_readme/data/SCIMDriver1.0.1.0400_readme.html"
    },
    {
      "type": "WEB",
      "url": "https://www.netiq.com/documentation/identity-manager-49-drivers/SCIMDriver1.1.0.0100_readme/data/SCIMDriver1.1.0.0100_readme.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:C/RE:M/U:Red",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CVM4-CFC7-C54Q

Vulnerability from github – Published: 2024-12-17 18:33 – Updated: 2025-01-07 18:30
VLAI
Details

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49816"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-17T18:15:23Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1\u00a0stores potentially sensitive information in log files that could be read by a local privileged user.",
  "id": "GHSA-cvm4-cfc7-c54q",
  "modified": "2025-01-07T18:30:45Z",
  "published": "2024-12-17T18:33:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49816"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7175067"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CW4R-P223-GFC3

Vulnerability from github – Published: 2025-06-19 18:31 – Updated: 2025-06-19 18:31
VLAI
Details

IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36050"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-19T18:15:21Z",
    "severity": "MODERATE"
  },
  "details": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.",
  "id": "GHSA-cw4r-p223-gfc3",
  "modified": "2025-06-19T18:31:47Z",
  "published": "2025-06-19T18:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36050"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7237317"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CW5M-C88Q-X4PV

Vulnerability from github – Published: 2026-05-11 21:31 – Updated: 2026-05-12 15:31
VLAI
Details

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-28987"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-11T21:18:58Z",
    "severity": "HIGH"
  },
  "details": "A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state.",
  "id": "GHSA-cw5m-c88q-x4pv",
  "modified": "2026-05-12T15:31:34Z",
  "published": "2026-05-11T21:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28987"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/127110"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/127111"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/127115"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/127116"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/127117"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/127118"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/127119"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.