Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1739 vulnerabilities reference this CWE, most recent first.

GHSA-WWGX-94V6-FC2P

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-12-12 17:00
VLAI
Summary
Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
Details

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. As of version 1.16, the plugin no longer logs the ssh-add invocation that would reveal the passphrase.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.15"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:ssh-agent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1999036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-12T17:00:02Z",
    "nvd_published_at": "2018-08-01T13:29:00Z",
    "severity": "LOW"
  },
  "details": "An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. As of version 1.16, the plugin no longer logs the ssh-add invocation that would reveal the passphrase.\n\n",
  "id": "GHSA-wwgx-94v6-fc2p",
  "modified": "2022-12-12T17:00:02Z",
  "published": "2022-05-13T01:50:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999036"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/ssh-agent-plugin/commit/3a8abe1889d25f9a73cdba202cf27212b273de4d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/ssh-agent-plugin"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log"
}

GHSA-WX2H-56XM-3293

Vulnerability from github – Published: 2022-03-09 00:00 – Updated: 2022-03-17 00:02
VLAI
Details

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-41543"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-08T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.",
  "id": "GHSA-wx2h-56xm-3293",
  "modified": "2022-03-17T00:02:49Z",
  "published": "2022-03-09T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41543"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WXC6-2XQR-Q2PG

Vulnerability from github – Published: 2022-11-25 06:30 – Updated: 2025-04-25 18:31
VLAI
Details

In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2721"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-25T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.",
  "id": "GHSA-wxc6-2xqr-q2pg",
  "modified": "2025-04-25T18:31:01Z",
  "published": "2022-11-25T06:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2721"
    },
    {
      "type": "WEB",
      "url": "https://advisories.octopus.com/post/2022/sa2022-24"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WXCR-9P2R-C64C

Vulnerability from github – Published: 2022-05-14 01:10 – Updated: 2022-05-14 01:10
VLAI
Details

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-21T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.",
  "id": "GHSA-wxcr-9p2r-c64c",
  "modified": "2022-05-14T01:10:43Z",
  "published": "2022-05-14T01:10:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6139"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K45432295"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106186"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040055"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3GJ-R7R3-V6VJ

Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19
VLAI
Details

A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-2372"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-14T12:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.",
  "id": "GHSA-x3gj-r7r3-v6vj",
  "modified": "2022-05-13T01:19:57Z",
  "published": "2022-05-13T01:19:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-2372"
    },
    {
      "type": "WEB",
      "url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2589129"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3PH-R68G-GGHQ

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-05-24 17:13
VLAI
Details

An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1987"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-08T19:15:00Z",
    "severity": "LOW"
  },
  "details": "An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to \"Dump\". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.",
  "id": "GHSA-x3ph-r68g-gghq",
  "modified": "2022-05-24T17:13:53Z",
  "published": "2022-05-24T17:13:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1987"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2020-1987"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X3VM-88HF-GPXP

Vulnerability from github – Published: 2025-07-15 15:18 – Updated: 2025-07-15 15:18
VLAI
Summary
Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged
Details

Summary

When using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using the "Log to Console" operation and a template string.

Impact

Malicious admins can log sensitive data from other users when they are created or updated.

Workarounds

Avoid logging sensitive data to the console outside the context of development.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "directus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "11.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-15T15:18:06Z",
    "nvd_published_at": "2025-07-15T00:15:23Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nWhen using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using the \"Log to Console\" operation and a template string. \n\n### Impact\n\nMalicious admins can log sensitive data from other users when they are created or updated.\n\n### Workarounds\nAvoid logging sensitive data to the console outside the context of development.",
  "id": "GHSA-x3vm-88hf-gpxp",
  "modified": "2025-07-15T15:18:06Z",
  "published": "2025-07-15T15:18:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/directus/directus/security/advisories/GHSA-x3vm-88hf-gpxp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53885"
    },
    {
      "type": "WEB",
      "url": "https://github.com/directus/directus/pull/25355"
    },
    {
      "type": "WEB",
      "url": "https://github.com/directus/directus/commit/859f664f56fb50401c407b095889cea38ff580e5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/directus/directus"
    },
    {
      "type": "WEB",
      "url": "https://github.com/directus/directus/releases/tag/v11.9.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged"
}

GHSA-X4M4-345F-5H5G

Vulnerability from github – Published: 2026-04-09 21:31 – Updated: 2026-06-18 23:09
VLAI
Summary
Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
Details

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.

Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-tribes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.13"
            },
            {
              "fixed": "9.0.117"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-tribes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.1.0-M1"
            },
            {
              "fixed": "10.1.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-tribes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0-M1"
            },
            {
              "fixed": "11.0.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.13"
            },
            {
              "fixed": "9.0.117"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.1.0-M1"
            },
            {
              "fixed": "10.1.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0-M1"
            },
            {
              "fixed": "11.0.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34487"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-10T21:38:41Z",
    "nvd_published_at": "2026-04-09T20:16:25Z",
    "severity": "HIGH"
  },
  "details": "Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
  "id": "GHSA-x4m4-345f-5h5g",
  "modified": "2026-06-18T23:09:48Z",
  "published": "2026-04-09T21:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34487"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h"
    },
    {
      "type": "WEB",
      "url": "https://tomcat.apache.org/security-10.html"
    },
    {
      "type": "WEB",
      "url": "https://tomcat.apache.org/security-11.html"
    },
    {
      "type": "WEB",
      "url": "https://tomcat.apache.org/security-9.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/09/28"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File"
}

GHSA-X4MC-CQQX-F746

Vulnerability from github – Published: 2023-12-14 09:30 – Updated: 2024-09-18 09:30
VLAI
Details

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-14T08:15:36Z",
    "severity": "MODERATE"
  },
  "details": "In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.\n\n",
  "id": "GHSA-x4mc-cqqx-f746",
  "modified": "2024-09-18T09:30:34Z",
  "published": "2023-12-14T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1904"
    },
    {
      "type": "WEB",
      "url": "https://advisories.octopus.com/post/2023/sa2023-12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4R3-2P23-JWM4

Vulnerability from github – Published: 2026-03-26 00:30 – Updated: 2026-03-26 00:30
VLAI
Details

IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T22:16:19Z",
    "severity": "MODERATE"
  },
  "details": "IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.",
  "id": "GHSA-x4r3-2p23-jwm4",
  "modified": "2026-03-26T00:30:55Z",
  "published": "2026-03-26T00:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36187"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7267542"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.