CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1744 vulnerabilities reference this CWE, most recent first.
GHSA-FHC3-6CC5-9WM2
Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2024-04-04 01:19The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.
{
"affected": [],
"aliases": [
"CVE-2019-13098"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-22T16:15:00Z",
"severity": "MODERATE"
},
"details": "The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.",
"id": "GHSA-fhc3-6cc5-9wm2",
"modified": "2024-04-04T01:19:57Z",
"published": "2022-05-24T16:50:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13098"
},
{
"type": "WEB",
"url": "https://pastebin.com/a5VhaxYn"
},
{
"type": "WEB",
"url": "https://pastebin.com/raw/rVGbwSw0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FJ3R-HWRR-XQFR
Vulnerability from github – Published: 2026-02-20 00:31 – Updated: 2026-02-20 00:31Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
{
"affected": [],
"aliases": [
"CVE-2026-2350"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-20T00:16:17Z",
"severity": "MODERATE"
},
"details": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.",
"id": "GHSA-fj3r-hwrr-xqfr",
"modified": "2026-02-20T00:31:53Z",
"published": "2026-02-20T00:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2350"
},
{
"type": "WEB",
"url": "https://security.tanium.com/TAN-2026-008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FJQQ-2VWG-X669
Vulnerability from github – Published: 2023-05-31 00:31 – Updated: 2024-04-04 04:24An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain PII and/or to compromise personal accounts owned by the victim.
{
"affected": [],
"aliases": [
"CVE-2023-28351"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-31T00:15:10Z",
"severity": "LOW"
},
"details": "An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain PII and/or to compromise personal accounts owned by the victim.",
"id": "GHSA-fjqq-2vwg-x669",
"modified": "2024-04-04T04:24:40Z",
"published": "2023-05-31T00:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28351"
},
{
"type": "WEB",
"url": "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight"
},
{
"type": "WEB",
"url": "https://research.nccgroup.com/?research=Technical%20advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FJXV-6346-8J89
Vulnerability from github – Published: 2022-12-12 18:30 – Updated: 2022-12-15 18:30An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorized access to the underlying data sources.
{
"affected": [],
"aliases": [
"CVE-2022-4311"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-12T18:15:00Z",
"severity": "MODERATE"
},
"details": "An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorized access to the underlying data sources.",
"id": "GHSA-fjxv-6346-8j89",
"modified": "2022-12-15T18:30:24Z",
"published": "2022-12-12T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4311"
},
{
"type": "WEB",
"url": "https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1165-security-bulletin-2022-6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FMG6-FMH4-F53C
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2026-32215"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:17:28Z",
"severity": "MODERATE"
},
"details": "Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.",
"id": "GHSA-fmg6-fmh4-f53c",
"modified": "2026-04-14T18:30:42Z",
"published": "2026-04-14T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32215"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32215"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FMJQ-R684-53F6
Vulnerability from github – Published: 2022-05-14 01:28 – Updated: 2022-05-14 01:28The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.
{
"affected": [],
"aliases": [
"CVE-2018-5693"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-14T04:29:00Z",
"severity": "LOW"
},
"details": "The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.",
"id": "GHSA-fmjq-r684-53f6",
"modified": "2022-05-14T01:28:42Z",
"published": "2022-05-14T01:28:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5693"
},
{
"type": "WEB",
"url": "https://www.vulnerability-lab.com/get_content.php?id=2113"
},
{
"type": "WEB",
"url": "http://forums.wizard.ca/viewtopic.php?f=17\u0026t=236760"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FP3R-VJ8X-58WW
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2025-59258"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:16:08Z",
"severity": "MODERATE"
},
"details": "Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.",
"id": "GHSA-fp3r-vj8x-58ww",
"modified": "2025-10-14T18:30:35Z",
"published": "2025-10-14T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59258"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59258"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FPP3-FR29-G442
Vulnerability from github – Published: 2026-02-10 06:30 – Updated: 2026-02-10 06:30AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
{
"affected": [],
"aliases": [
"CVE-2025-11547"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T06:15:53Z",
"severity": "HIGH"
},
"details": "AXIS Camera Station Pro contained a flaw to\u00a0perform a privilege escalation attack on the server as a non-admin user.",
"id": "GHSA-fpp3-fr29-g442",
"modified": "2026-02-10T06:30:39Z",
"published": "2026-02-10T06:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11547"
},
{
"type": "WEB",
"url": "https://www.axis.com/dam/public/permalink/253485/cve-2025-11547pdf-en-US_253485.pdf?noS3=1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FPQQ-XVP5-HHMQ
Vulnerability from github – Published: 2025-11-26 18:31 – Updated: 2025-11-26 18:31Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.0.0 before 5.2.12.
{
"affected": [],
"aliases": [
"CVE-2025-8663"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-03T07:15:34Z",
"severity": "HIGH"
},
"details": "Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.0.0 before 5.2.12.",
"id": "GHSA-fpqq-xvp5-hhmq",
"modified": "2025-11-26T18:31:01Z",
"published": "2025-11-26T18:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8663"
},
{
"type": "WEB",
"url": "https://support.upkeeper.se/hc/en-us/articles/22107280228252-CVE-2025-8663-Insertion-of-Sensitive-Information-into-Log-File"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FQWF-C5XQ-HMCF
Vulnerability from github – Published: 2024-03-29 18:30 – Updated: 2026-04-28 21:34Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1.
{
"affected": [],
"aliases": [
"CVE-2024-30511"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-29T16:15:10Z",
"severity": "MODERATE"
},
"details": "Insertion of Sensitive Information into Log File vulnerability in Fr\u00e9d\u00e9ric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1.",
"id": "GHSA-fqwf-c5xq-hmcf",
"modified": "2026-04-28T21:34:25Z",
"published": "2024-03-29T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30511"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/fg-prestashop-to-woocommerce/wordpress-fg-prestashop-to-woocommerce-plugin-4-45-1-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.