Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1744 vulnerabilities reference this CWE, most recent first.

GHSA-G35Q-CM9F-RP9H

Vulnerability from github – Published: 2024-11-13 21:30 – Updated: 2024-11-14 18:30
VLAI
Details

An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access to these logs to view the LDAP bind password. An attacker with log access could exploit this vulnerability to gain unauthorized access to the LDAP server, leading to potential exposure or compromise of LDAP-managed resources This issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11193"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-13T21:15:08Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access to these logs to view the LDAP bind password.\u00a0An attacker with log access could exploit this vulnerability to gain unauthorized access to the LDAP server, leading to potential exposure or compromise of LDAP-managed resources\nThis issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0.",
  "id": "GHSA-g35q-cm9f-rp9h",
  "modified": "2024-11-14T18:30:34Z",
  "published": "2024-11-13T21:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11193"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G35X-J6JJ-8G7J

Vulnerability from github – Published: 2023-05-02 16:51 – Updated: 2023-05-02 16:51
VLAI
Summary
@mittwald/kubernetes's secret contents leaked via debug logging
Details

Impact

When debug logging is enabled (via DEBUG environment variable), the Kubernetes client may log all response bodies into the debug log -- including sensitive data from Secret resources.

When running in a Kubernetes cluster, this might expose sensitive information to users who are not authorised to access secrets, but have access to Pod logs (either directly using kubectl, or by Pod logs being shipped elsewhere).

Patches

Upgrade to 3.5.0 or newer.

Workarounds

Disable debug logging entirely, or exclude the kubernetes:client debug item (for example, using DEBUG=*,-kubernetes:client).

References

  • https://cwe.mitre.org/data/definitions/532.html
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@mittwald/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-02T16:51:25Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWhen debug logging is enabled (via `DEBUG` environment variable), the Kubernetes client may log all response bodies into the debug log -- including sensitive data from `Secret` resources.\n\nWhen running in a Kubernetes cluster, this might expose sensitive information to users who are _not_ authorised to access secrets, but have access to Pod logs (either directly using kubectl, or by Pod logs being shipped elsewhere).\n\n### Patches\nUpgrade to 3.5.0 or newer.\n\n### Workarounds\nDisable debug logging entirely, or exclude the `kubernetes:client` debug item (for example, using `DEBUG=*,-kubernetes:client`).\n\n### References\n\n- https://cwe.mitre.org/data/definitions/532.html\n",
  "id": "GHSA-g35x-j6jj-8g7j",
  "modified": "2023-05-02T16:51:25Z",
  "published": "2023-05-02T16:51:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mittwald/node-kubernetes/security/advisories/GHSA-g35x-j6jj-8g7j"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mittwald/node-kubernetes/commit/04f6809fd438417c343d541e57f76f0040e069cd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mittwald/node-kubernetes"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mittwald/node-kubernetes/releases/tag/v3.5.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@mittwald/kubernetes\u0027s secret contents leaked via debug logging"
}

GHSA-G3JR-4JRM-JVQV

Vulnerability from github – Published: 2026-05-11 09:30 – Updated: 2026-06-05 14:14
VLAI
Summary
Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL
Details

The Elasticsearch logging provider, when configured with a host URL that embeds credentials (for example https://user:password@server.example.com:9200), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend credentials. Users are advised to upgrade to apache-airflow-providers-elasticsearch 6.5.3 or later and, as a defense-in-depth measure, configure the backend credentials via a secret backend rather than embedding them in the [elasticsearch] host URL.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow-providers-elasticsearch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41018"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-15T17:26:58Z",
    "nvd_published_at": "2026-05-11T09:16:25Z",
    "severity": "MODERATE"
  },
  "details": "The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL \u2014 including the embedded credentials \u2014 into task logs. Any user with task-log read permission could harvest the backend credentials. Users are advised to upgrade to `apache-airflow-providers-elasticsearch` 6.5.3 or later and, as a defense-in-depth measure, configure the backend credentials via a secret backend rather than embedding them in the `[elasticsearch] host` URL.",
  "id": "GHSA-g3jr-4jrm-jvqv",
  "modified": "2026-06-05T14:14:48Z",
  "published": "2026-05-11T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41018"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/65349"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/commit/f9244064016a8db45277efb0c24808e663b233f3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow-providers-elasticsearch/PYSEC-2026-22.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/wz5l58drprmwlv6jxnq466x24jqbbhp7"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/10/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL"
}

GHSA-G3P6-82VC-43JH

Vulnerability from github – Published: 2025-06-05 16:53 – Updated: 2025-06-06 15:59
VLAI
Summary
Yii 2 Redis may expose AUTH parameters in logs in case of connection failure
Details

Impact

On failing connection extension writes commands sequence to logs. AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "yiisoft/yii2-redis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48493"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-05T16:53:23Z",
    "nvd_published_at": "2025-06-05T17:15:29Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nOn failing connection extension writes commands sequence to logs. AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs.",
  "id": "GHSA-g3p6-82vc-43jh",
  "modified": "2025-06-06T15:59:53Z",
  "published": "2025-06-05T16:53:23Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/yiisoft/yii2-redis/security/advisories/GHSA-g3p6-82vc-43jh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48493"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yiisoft/yii2-redis/commit/962252d2c57c187181e67bb66da3f27b4698358d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/yiisoft/yii2-redis"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Yii 2 Redis may expose AUTH parameters in logs in case of connection failure"
}

GHSA-G3QP-JR64-M396

Vulnerability from github – Published: 2024-04-18 00:30 – Updated: 2025-02-04 18:30
VLAI
Details

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-29955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T22:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. \nThis could provide attackers with an additional, less-protected path to acquiring the encryption key.",
  "id": "GHSA-g3qp-jr64-m396",
  "modified": "2025-02-04T18:30:43Z",
  "published": "2024-04-18T00:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29955"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23239"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G3R9-J55G-JG8J

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2024-03-21 03:33
VLAI
Details

__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-21T02:15:00Z",
    "severity": "LOW"
  },
  "details": "__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program.",
  "id": "GHSA-g3r9-j55g-jg8j",
  "modified": "2024-03-21T03:33:47Z",
  "published": "2022-05-24T17:01:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19039"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19039"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4414-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G3W7-5HQX-74MG

Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20
VLAI
Details

The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7754"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-10T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading \"ffree: \" lines in a debugfs file.",
  "id": "GHSA-g3w7-5hqx-74mg",
  "modified": "2022-05-13T01:20:36Z",
  "published": "2022-05-13T01:20:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7754"
    },
    {
      "type": "WEB",
      "url": "https://elixir.bootlin.com/linux/v4.16-rc4/source/drivers/block/aoe/aoeblk.c#L421"
    },
    {
      "type": "WEB",
      "url": "https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-7754.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G4VQ-69FJ-97QW

Vulnerability from github – Published: 2024-06-26 03:31 – Updated: 2024-06-26 03:31
VLAI
Details

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-29177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-26T03:15:10Z",
    "severity": "LOW"
  },
  "details": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.",
  "id": "GHSA-g4vq-69fj-97qw",
  "modified": "2024-06-26T03:31:50Z",
  "published": "2024-06-26T03:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29177"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G53H-W976-F4Q2

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30
VLAI
Details

An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11643"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability in B\u0026R GateManager 4260 and 9250 versions \u003c9.0.20262 and GateManager 8250 versions \u003c9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.",
  "id": "GHSA-g53h-w976-f4q2",
  "modified": "2022-05-24T17:30:42Z",
  "published": "2022-05-24T17:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11643"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
    },
    {
      "type": "WEB",
      "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-G5P5-24RG-6XFQ

Vulnerability from github – Published: 2024-01-19 15:30 – Updated: 2024-04-09 09:31
VLAI
Details

A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0716"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-19T15:15:09Z",
    "severity": "LOW"
  },
  "details": "A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-g5p5-24rg-6xfq",
  "modified": "2024-04-09T09:31:10Z",
  "published": "2024-01-19T15:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0716"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.251541"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.251541"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.265177"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.