CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1744 vulnerabilities reference this CWE, most recent first.
GHSA-G35Q-CM9F-RP9H
Vulnerability from github – Published: 2024-11-13 21:30 – Updated: 2024-11-14 18:30An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access to these logs to view the LDAP bind password. An attacker with log access could exploit this vulnerability to gain unauthorized access to the LDAP server, leading to potential exposure or compromise of LDAP-managed resources This issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0.
{
"affected": [],
"aliases": [
"CVE-2024-11193"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-13T21:15:08Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access to these logs to view the LDAP bind password.\u00a0An attacker with log access could exploit this vulnerability to gain unauthorized access to the LDAP server, leading to potential exposure or compromise of LDAP-managed resources\nThis issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0.",
"id": "GHSA-g35q-cm9f-rp9h",
"modified": "2024-11-14T18:30:34Z",
"published": "2024-11-13T21:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11193"
},
{
"type": "WEB",
"url": "https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-G35X-J6JJ-8G7J
Vulnerability from github – Published: 2023-05-02 16:51 – Updated: 2023-05-02 16:51Impact
When debug logging is enabled (via DEBUG environment variable), the Kubernetes client may log all response bodies into the debug log -- including sensitive data from Secret resources.
When running in a Kubernetes cluster, this might expose sensitive information to users who are not authorised to access secrets, but have access to Pod logs (either directly using kubectl, or by Pod logs being shipped elsewhere).
Patches
Upgrade to 3.5.0 or newer.
Workarounds
Disable debug logging entirely, or exclude the kubernetes:client debug item (for example, using DEBUG=*,-kubernetes:client).
References
- https://cwe.mitre.org/data/definitions/532.html
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@mittwald/kubernetes"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-02T16:51:25Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nWhen debug logging is enabled (via `DEBUG` environment variable), the Kubernetes client may log all response bodies into the debug log -- including sensitive data from `Secret` resources.\n\nWhen running in a Kubernetes cluster, this might expose sensitive information to users who are _not_ authorised to access secrets, but have access to Pod logs (either directly using kubectl, or by Pod logs being shipped elsewhere).\n\n### Patches\nUpgrade to 3.5.0 or newer.\n\n### Workarounds\nDisable debug logging entirely, or exclude the `kubernetes:client` debug item (for example, using `DEBUG=*,-kubernetes:client`).\n\n### References\n\n- https://cwe.mitre.org/data/definitions/532.html\n",
"id": "GHSA-g35x-j6jj-8g7j",
"modified": "2023-05-02T16:51:25Z",
"published": "2023-05-02T16:51:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mittwald/node-kubernetes/security/advisories/GHSA-g35x-j6jj-8g7j"
},
{
"type": "WEB",
"url": "https://github.com/mittwald/node-kubernetes/commit/04f6809fd438417c343d541e57f76f0040e069cd"
},
{
"type": "PACKAGE",
"url": "https://github.com/mittwald/node-kubernetes"
},
{
"type": "WEB",
"url": "https://github.com/mittwald/node-kubernetes/releases/tag/v3.5.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "@mittwald/kubernetes\u0027s secret contents leaked via debug logging"
}
GHSA-G3JR-4JRM-JVQV
Vulnerability from github – Published: 2026-05-11 09:30 – Updated: 2026-06-05 14:14The Elasticsearch logging provider, when configured with a host URL that embeds credentials (for example https://user:password@server.example.com:9200), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend credentials. Users are advised to upgrade to apache-airflow-providers-elasticsearch 6.5.3 or later and, as a defense-in-depth measure, configure the backend credentials via a secret backend rather than embedding them in the [elasticsearch] host URL.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-airflow-providers-elasticsearch"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.5.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41018"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-15T17:26:58Z",
"nvd_published_at": "2026-05-11T09:16:25Z",
"severity": "MODERATE"
},
"details": "The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL \u2014 including the embedded credentials \u2014 into task logs. Any user with task-log read permission could harvest the backend credentials. Users are advised to upgrade to `apache-airflow-providers-elasticsearch` 6.5.3 or later and, as a defense-in-depth measure, configure the backend credentials via a secret backend rather than embedding them in the `[elasticsearch] host` URL.",
"id": "GHSA-g3jr-4jrm-jvqv",
"modified": "2026-06-05T14:14:48Z",
"published": "2026-05-11T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41018"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull/65349"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/commit/f9244064016a8db45277efb0c24808e663b233f3"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow-providers-elasticsearch/PYSEC-2026-22.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/wz5l58drprmwlv6jxnq466x24jqbbhp7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/10/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL"
}
GHSA-G3P6-82VC-43JH
Vulnerability from github – Published: 2025-06-05 16:53 – Updated: 2025-06-06 15:59Impact
On failing connection extension writes commands sequence to logs. AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "yiisoft/yii2-redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-48493"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-05T16:53:23Z",
"nvd_published_at": "2025-06-05T17:15:29Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nOn failing connection extension writes commands sequence to logs. AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs.",
"id": "GHSA-g3p6-82vc-43jh",
"modified": "2025-06-06T15:59:53Z",
"published": "2025-06-05T16:53:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2-redis/security/advisories/GHSA-g3p6-82vc-43jh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48493"
},
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2-redis/commit/962252d2c57c187181e67bb66da3f27b4698358d"
},
{
"type": "PACKAGE",
"url": "https://github.com/yiisoft/yii2-redis"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Yii 2 Redis may expose AUTH parameters in logs in case of connection failure"
}
GHSA-G3QP-JR64-M396
Vulnerability from github – Published: 2024-04-18 00:30 – Updated: 2025-02-04 18:30A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key.
{
"affected": [],
"aliases": [
"CVE-2024-29955"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T22:15:08Z",
"severity": "MODERATE"
},
"details": "A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. \nThis could provide attackers with an additional, less-protected path to acquiring the encryption key.",
"id": "GHSA-g3qp-jr64-m396",
"modified": "2025-02-04T18:30:43Z",
"published": "2024-04-18T00:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29955"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23239"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G3R9-J55G-JG8J
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2024-03-21 03:33__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program.
{
"affected": [],
"aliases": [
"CVE-2019-19039"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-21T02:15:00Z",
"severity": "LOW"
},
"details": "__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program.",
"id": "GHSA-g3r9-j55g-jg8j",
"modified": "2024-03-21T03:33:47Z",
"published": "2022-05-24T17:01:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19039"
},
{
"type": "WEB",
"url": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19039"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4414-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G3W7-5HQX-74MG
Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.
{
"affected": [],
"aliases": [
"CVE-2018-7754"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-10T16:29:00Z",
"severity": "MODERATE"
},
"details": "The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading \"ffree: \" lines in a debugfs file.",
"id": "GHSA-g3w7-5hqx-74mg",
"modified": "2022-05-13T01:20:36Z",
"published": "2022-05-13T01:20:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7754"
},
{
"type": "WEB",
"url": "https://elixir.bootlin.com/linux/v4.16-rc4/source/drivers/block/aoe/aoeblk.c#L421"
},
{
"type": "WEB",
"url": "https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-7754.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G4VQ-69FJ-97QW
Vulnerability from github – Published: 2024-06-26 03:31 – Updated: 2024-06-26 03:31Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.
{
"affected": [],
"aliases": [
"CVE-2024-29177"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-26T03:15:10Z",
"severity": "LOW"
},
"details": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.",
"id": "GHSA-g4vq-69fj-97qw",
"modified": "2024-06-26T03:31:50Z",
"published": "2024-06-26T03:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29177"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G53H-W976-F4Q2
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.
{
"affected": [],
"aliases": [
"CVE-2020-11643"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-15T15:15:00Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability in B\u0026R GateManager 4260 and 9250 versions \u003c9.0.20262 and GateManager 8250 versions \u003c9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.",
"id": "GHSA-g53h-w976-f4q2",
"modified": "2022-05-24T17:30:42Z",
"published": "2022-05-24T17:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11643"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
},
{
"type": "WEB",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-G5P5-24RG-6XFQ
Vulnerability from github – Published: 2024-01-19 15:30 – Updated: 2024-04-09 09:31A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-0716"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-19T15:15:09Z",
"severity": "LOW"
},
"details": "A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-g5p5-24rg-6xfq",
"modified": "2024-04-09T09:31:10Z",
"published": "2024-01-19T15:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0716"
},
{
"type": "WEB",
"url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.251541"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.251541"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.265177"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.