CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1742 vulnerabilities reference this CWE, most recent first.
GHSA-CQGV-256R-M9R8
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-06-23 17:58Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.8.13"
},
"package": {
"ecosystem": "Maven",
"name": "org.elasticsearch:elasticsearch"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.8.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.0.9"
},
"package": {
"ecosystem": "Maven",
"name": "org.elasticsearch:elasticsearch"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.10.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7021"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-23T17:58:18Z",
"nvd_published_at": "2021-02-10T19:15:00Z",
"severity": "MODERATE"
},
"details": "Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.",
"id": "GHSA-cqgv-256r-m9r8",
"modified": "2022-06-23T17:58:18Z",
"published": "2022-05-24T17:41:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7021"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915"
},
{
"type": "PACKAGE",
"url": "https://github.com/elastic/elasticsearch"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210319-0003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Insertion of Sensitive Information into Log File in Elasticsearch"
}
GHSA-CQGV-GR59-9QF6
Vulnerability from github – Published: 2025-07-18 00:30 – Updated: 2026-02-02 15:30Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.
{
"affected": [],
"aliases": [
"CVE-2025-6391"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-17T22:15:26Z",
"severity": "HIGH"
},
"details": "Brocade ASCG before 3.3.0 logs JSON \nWeb Tokens (JWT) in log files. An attacker with access to the log files \n can withdraw the unencrypted tokens with security implications, such as\n unauthorized access, session hijacking, and information disclosure.",
"id": "GHSA-cqgv-gr59-9qf6",
"modified": "2026-02-02T15:30:32Z",
"published": "2025-07-18T00:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6391"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35951"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CR9W-99VR-7F2H
Vulnerability from github – Published: 2023-10-03 15:30 – Updated: 2024-04-04 08:11Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.
{
"affected": [],
"aliases": [
"CVE-2023-3349"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-03T14:15:10Z",
"severity": "HIGH"
},
"details": "Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.",
"id": "GHSA-cr9w-99vr-7f2h",
"modified": "2024-04-04T08:11:15Z",
"published": "2023-10-03T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3349"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CRHR-QQJ8-RPXC
Vulnerability from github – Published: 2026-03-07 09:30 – Updated: 2026-03-09 18:19Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential production systems affected by the issue. Users are recommended to upgrade to version 3.8.6 or 3.9.5 which fixes this issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.zookeeper:zookeeper"
},
"ranges": [
{
"events": [
{
"introduced": "3.9.0"
},
{
"fixed": "3.9.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.zookeeper:zookeeper"
},
"ranges": [
{
"events": [
{
"introduced": "3.8.0"
},
{
"fixed": "3.8.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-24308"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-09T18:19:16Z",
"nvd_published_at": "2026-03-07T09:16:07Z",
"severity": "HIGH"
},
"details": "Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client\u0027s logfile. Configuration values are exposed at INFO level logging rendering potential production systems affected by the issue.\u00a0Users are recommended to upgrade to version 3.8.6 or 3.9.5 which fixes this issue.",
"id": "GHSA-crhr-qqj8-rpxc",
"modified": "2026-03-09T18:19:16Z",
"published": "2026-03-07T09:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24308"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/zookeeper"
},
{
"type": "WEB",
"url": "https://github.com/apache/zookeeper/releases/tag/release-3.8.6"
},
{
"type": "WEB",
"url": "https://github.com/apache/zookeeper/releases/tag/release-3.9.5"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/qng3rtzv2pqkmko4rhv85jfplkyrgqdr"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/07/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache ZooKeeper has improper handling of configuration values"
}
GHSA-CRRM-JP94-W9FV
Vulnerability from github – Published: 2022-05-17 03:21 – Updated: 2022-05-17 03:21Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
{
"affected": [],
"aliases": [
"CVE-2016-4443"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-14T18:59:00Z",
"severity": "MODERATE"
},
"details": "Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.",
"id": "GHSA-crrm-jp94-w9fv",
"modified": "2022-05-17T03:21:19Z",
"published": "2022-05-17T03:21:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4443"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:1929"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2016-4443"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335106"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1929.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92751"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036863"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CV78-V957-JX34
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-07-27 22:17All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.gradle.publish:plugin-publish-plugin"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.11.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.11.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7599"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-27T22:17:45Z",
"nvd_published_at": "2020-03-30T19:15:00Z",
"severity": "MODERATE"
},
"details": "All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own.",
"id": "GHSA-cv78-v957-jx34",
"modified": "2022-07-27T22:17:45Z",
"published": "2022-05-24T17:12:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7599"
},
{
"type": "WEB",
"url": "https://blog.gradle.org/plugin-portal-update"
},
{
"type": "WEB",
"url": "https://plugins.gradle.org/plugin/com.gradle.plugin-publish"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Exposure of Sensitive Information in Gradle publish plugin"
}
GHSA-CVJJ-FXM4-8Q63
Vulnerability from github – Published: 2026-03-27 15:30 – Updated: 2026-03-27 15:30Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000.
{
"affected": [],
"aliases": [
"CVE-2024-11604"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-27T15:16:42Z",
"severity": "HIGH"
},
"details": "Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000.",
"id": "GHSA-cvjj-fxm4-8q63",
"modified": "2026-03-27T15:30:25Z",
"published": "2026-03-27T15:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11604"
},
{
"type": "WEB",
"url": "https://www.netiq.com/documentation/identity-manager-48-drivers/SCIMDriver1.0.1.0400_readme/data/SCIMDriver1.0.1.0400_readme.html"
},
{
"type": "WEB",
"url": "https://www.netiq.com/documentation/identity-manager-49-drivers/SCIMDriver1.1.0.0100_readme/data/SCIMDriver1.1.0.0100_readme.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:C/RE:M/U:Red",
"type": "CVSS_V4"
}
]
}
GHSA-CVM4-CFC7-C54Q
Vulnerability from github – Published: 2024-12-17 18:33 – Updated: 2025-01-07 18:30IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.
{
"affected": [],
"aliases": [
"CVE-2024-49816"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-17T18:15:23Z",
"severity": "MODERATE"
},
"details": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1\u00a0stores potentially sensitive information in log files that could be read by a local privileged user.",
"id": "GHSA-cvm4-cfc7-c54q",
"modified": "2025-01-07T18:30:45Z",
"published": "2024-12-17T18:33:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49816"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7175067"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CW4R-P223-GFC3
Vulnerability from github – Published: 2025-06-19 18:31 – Updated: 2025-06-19 18:31IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.
{
"affected": [],
"aliases": [
"CVE-2025-36050"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-19T18:15:21Z",
"severity": "MODERATE"
},
"details": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.",
"id": "GHSA-cw4r-p223-gfc3",
"modified": "2025-06-19T18:31:47Z",
"published": "2025-06-19T18:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36050"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7237317"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CW5M-C88Q-X4PV
Vulnerability from github – Published: 2026-05-11 21:31 – Updated: 2026-05-12 15:31A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state.
{
"affected": [],
"aliases": [
"CVE-2026-28987"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-11T21:18:58Z",
"severity": "HIGH"
},
"details": "A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state.",
"id": "GHSA-cw5m-c88q-x4pv",
"modified": "2026-05-12T15:31:34Z",
"published": "2026-05-11T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28987"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127110"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127111"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127115"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127116"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127117"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127118"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127119"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.