CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1743 vulnerabilities reference this CWE, most recent first.
CVE-2024-34559 (GCVE-0-2024-34559)
Vulnerability from cvelistv5 – Published: 2024-05-09 12:03 – Updated: 2026-04-28 16:09- CWE-532 - Insertion of Sensitive Information into Log File
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/gho… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Ghost Foundation | Ghost |
Affected:
n/a , ≤ 1.4.0
(custom)
|
|
| ghost | ghost |
Affected:
0 , ≤ 1.4.0
(custom)
cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghost",
"vendor": "ghost",
"versions": [
{
"lessThanOrEqual": "1.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T19:44:52.257515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T14:21:16.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:21.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/ghost/wordpress-ghost-plugin-1-4-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ghost",
"product": "Ghost",
"vendor": "Ghost Foundation",
"versions": [
{
"changes": [
{
"at": "1.5.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.4.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.\u003cp\u003eThis issue affects Ghost: from n/a through 1.4.0.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.This issue affects Ghost: from n/a through 1.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:49.526Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/ghost/wordpress-ghost-plugin-1-4-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.5.0 or a higher version."
}
],
"value": "Update to 1.5.0 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Ghost plugin \u003c= 1.4.0 - Sensitive Data Exposure via Log File vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34559",
"datePublished": "2024-05-09T12:03:01.037Z",
"dateReserved": "2024-05-06T19:21:15.224Z",
"dateUpdated": "2026-04-28T16:09:49.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-34550 (GCVE-0-2024-34550)
Vulnerability from cvelistv5 – Published: 2024-05-09 12:10 – Updated: 2026-04-28 16:09- CWE-532 - Insertion of Sensitive Information into Log File
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/int… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| AlexaCRM | Dynamics 365 Integration |
Affected:
n/a , ≤ 1.3.17
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T15:14:56.234528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:59.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:20.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/integration-dynamics/wordpress-dynamics-365-integration-plugin-1-3-17-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "integration-dynamics",
"product": "Dynamics 365 Integration",
"vendor": "AlexaCRM",
"versions": [
{
"changes": [
{
"at": "1.3.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.17",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.\u003cp\u003eThis issue affects Dynamics 365 Integration: from n/a through 1.3.17.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:49.261Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/integration-dynamics/wordpress-dynamics-365-integration-plugin-1-3-17-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.3.18 or a higher version."
}
],
"value": "Update to 1.3.18 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Dynamics 365 Integration plugin \u003c= 1.3.17 - Sensitive Data Exposure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34550",
"datePublished": "2024-05-09T12:10:57.441Z",
"dateReserved": "2024-05-06T19:20:58.335Z",
"dateUpdated": "2026-04-28T16:09:49.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-34353 (GCVE-0-2024-34353)
Vulnerability from cvelistv5 – Published: 2024-05-13 15:43 – Updated: 2024-08-02 02:51- CWE-532 - Insertion of Sensitive Information into Log File
| URL | Tags |
|---|---|
| https://github.com/matrix-org/matrix-rust-sdk/sec… | x_refsource_CONFIRM |
| https://github.com/matrix-org/matrix-rust-sdk/com… | x_refsource_MISC |
| https://github.com/matrix-org/matrix-rust-sdk/com… | x_refsource_MISC |
| https://crates.io/crates/matrix-sdk-crypto/0.7.1 | x_refsource_MISC |
| https://github.com/matrix-org/matrix-rust-sdk/rel… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| matrix-org | matrix-sdk-crypto |
Affected:
= 0.7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T16:09:35.013317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T16:09:42.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:10.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-9ggc-845v-gcgv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-9ggc-845v-gcgv"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/commit/71136e44c03c79f80d6d1a2446673bc4d53a2067",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/commit/71136e44c03c79f80d6d1a2446673bc4d53a2067"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/commit/fa10bbb5dd0f9120a51aa1854cec752e25790bb0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/commit/fa10bbb5dd0f9120a51aa1854cec752e25790bb0"
},
{
"name": "https://crates.io/crates/matrix-sdk-crypto/0.7.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crates.io/crates/matrix-sdk-crypto/0.7.1"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-crypto-0.7.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-crypto-0.7.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "matrix-sdk-crypto",
"vendor": "matrix-org",
"versions": [
{
"status": "affected",
"version": "= 0.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user\u0027s devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric\ncryptography, with each server-side key backup assigned a unique public-private key pair. Due to a logic bug introduced in commit 71136e44c03c79f80d6d1a2446673bc4d53a2067, matrix-sdk-crypto version 0.7.0 will sometimes log the private part of the backup key pair to Rust debug logs (using the `tracing` crate). This issue has been resolved in matrix-sdk-crypto version 0.7.1. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T20:13:41.721Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-9ggc-845v-gcgv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-9ggc-845v-gcgv"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/commit/71136e44c03c79f80d6d1a2446673bc4d53a2067",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/commit/71136e44c03c79f80d6d1a2446673bc4d53a2067"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/commit/fa10bbb5dd0f9120a51aa1854cec752e25790bb0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/commit/fa10bbb5dd0f9120a51aa1854cec752e25790bb0"
},
{
"name": "https://crates.io/crates/matrix-sdk-crypto/0.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://crates.io/crates/matrix-sdk-crypto/0.7.1"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-crypto-0.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-crypto-0.7.1"
}
],
"source": {
"advisory": "GHSA-9ggc-845v-gcgv",
"discovery": "UNKNOWN"
},
"title": "matrix-sdk-crypto contains a log exposure of private key of the server-side key backup"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34353",
"datePublished": "2024-05-13T15:43:10.574Z",
"dateReserved": "2024-05-02T06:36:32.438Z",
"dateUpdated": "2024-08-02T02:51:10.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33922 (GCVE-0-2024-33922)
Vulnerability from cvelistv5 – Published: 2024-05-02 11:02 – Updated: 2026-04-28 16:09- CWE-532 - Insertion of Sensitive Information into Log File
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/med… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Jordy Meow | WP Media Cleaner |
Affected:
n/a , ≤ 6.7.2
(custom)
|
|
| wordpress | media_cleaner |
Affected:
- , ≤ 6.7.2
(custom)
cpe:2.3:a:wordpress:media_cleaner:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wordpress:media_cleaner:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "media_cleaner",
"vendor": "wordpress",
"versions": [
{
"lessThanOrEqual": "6.7.2",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T15:26:33.292459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:44:03.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/media-cleaner/wordpress-wp-media-cleaner-plugin-6-7-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "media-cleaner",
"product": "WP Media Cleaner",
"vendor": "Jordy Meow",
"versions": [
{
"changes": [
{
"at": "6.7.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.7.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.\u003cp\u003eThis issue affects WP Media Cleaner: from n/a through 6.7.2.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:46.295Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/media-cleaner/wordpress-wp-media-cleaner-plugin-6-7-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 6.7.3 or a higher version."
}
],
"value": "Update to 6.7.3 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WP Media Cleaner plugin \u003c= 6.7.2 - Sensitive Data Exposure via Log File vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-33922",
"datePublished": "2024-05-02T11:02:50.298Z",
"dateReserved": "2024-04-29T08:10:02.865Z",
"dateUpdated": "2026-04-28T16:09:46.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-33637 (GCVE-0-2024-33637)
Vulnerability from cvelistv5 – Published: 2024-04-29 07:46 – Updated: 2026-04-28 16:09- CWE-532 - Insertion of Sensitive Information into Log File
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/sol… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Solid Plugins | Solid Affiliate |
Affected:
n/a , ≤ 1.9.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T16:21:08.841515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:44:27.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/solid-affiliate/wordpress-solid-affiliate-plugin-1-9-1-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Solid Affiliate",
"vendor": "Solid Plugins",
"versions": [
{
"lessThanOrEqual": "1.9.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Francois Harvey (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.\u003cp\u003eThis issue affects Solid Affiliate: from n/a through 1.9.1.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.This issue affects Solid Affiliate: from n/a through 1.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:44.566Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/solid-affiliate/wordpress-solid-affiliate-plugin-1-9-1-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Solid Affiliate plugin \u003c= 1.9.1 - Sensitive Data Exposure via Log File vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-33637",
"datePublished": "2024-04-29T07:46:35.152Z",
"dateReserved": "2024-04-25T08:14:57.580Z",
"dateUpdated": "2026-04-28T16:09:44.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32953 (GCVE-0-2024-32953)
Vulnerability from cvelistv5 – Published: 2024-04-24 07:36 – Updated: 2026-04-28 16:09- CWE-532 - Insertion of Sensitive Information into Log File
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/new… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Newsletters |
Affected:
n/a , ≤ 4.9.5
(custom)
|
||
| tribulant | newsletters |
Affected:
0 , ≤ 4.9.5
(custom)
cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:52.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-5-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "newsletters",
"vendor": "tribulant",
"versions": [
{
"lessThanOrEqual": "4.9.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T13:41:19.968497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:35:22.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "newsletters-lite",
"product": "Newsletters",
"versions": [
{
"changes": [
{
"at": "4.9.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.9.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Peng Zhou (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Newsletters.\u003cp\u003eThis issue affects Newsletters: from n/a through 4.9.5.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:42.306Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-5-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.9.6 or a higher version."
}
],
"value": "Update to 4.9.6 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Newsletters plugin \u003c= 4.9.5 - Sensitive Data Exposure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32953",
"datePublished": "2024-04-24T07:36:06.123Z",
"dateReserved": "2024-04-22T10:41:46.933Z",
"dateUpdated": "2026-04-28T16:09:42.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32811 (GCVE-0-2024-32811)
Vulnerability from cvelistv5 – Published: 2024-06-09 12:44 – Updated: 2026-04-28 16:09- CWE-532 - Insertion of Sensitive Information into Log File
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/fle… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Octolize | USPS Shipping for WooCommerce – Live Rates |
Affected:
n/a , ≤ 1.9.4
(custom)
|
|
| octolize | usps_shipping_for_woocommerce-live_rates |
Affected:
0 , ≤ 1.9.4
(custom)
cpe:2.3:a:octolize:usps_shipping_for_woocommerce-live_rates:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:octolize:usps_shipping_for_woocommerce-live_rates:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "usps_shipping_for_woocommerce-live_rates",
"vendor": "octolize",
"versions": [
{
"lessThanOrEqual": "1.9.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T15:15:06.159161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T15:16:48.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/flexible-shipping-usps/wordpress-usps-shipping-for-woocommerce-live-rates-plugin-1-9-4-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "flexible-shipping-usps",
"product": "USPS Shipping for WooCommerce \u2013 Live Rates",
"vendor": "Octolize",
"versions": [
{
"changes": [
{
"at": "1.10.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.9.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce \u2013 Live Rates.\u003cp\u003eThis issue affects USPS Shipping for WooCommerce \u2013 Live Rates: from n/a through 1.9.4.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce \u2013 Live Rates.This issue affects USPS Shipping for WooCommerce \u2013 Live Rates: from n/a through 1.9.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:40.983Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/flexible-shipping-usps/wordpress-usps-shipping-for-woocommerce-live-rates-plugin-1-9-4-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.10.0 or a higher version."
}
],
"value": "Update to 1.10.0 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress USPS Shipping for WooCommerce \u2013 Live Rates plugin \u003c= 1.9.4 - Sensitive Data Exposure via Log File vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32811",
"datePublished": "2024-06-09T12:44:39.133Z",
"dateReserved": "2024-04-18T10:16:31.361Z",
"dateUpdated": "2026-04-28T16:09:40.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32788 (GCVE-0-2024-32788)
Vulnerability from cvelistv5 – Published: 2024-04-24 07:46 – Updated: 2026-04-28 16:09- CWE-532 - Insertion of Sensitive Information into Log File
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/fg-… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Frédéric GILLES | FG Joomla to WordPress |
Affected:
n/a , ≤ 4.20.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:18:01.318892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:31.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-20-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fg-joomla-to-wordpress",
"product": "FG Joomla to WordPress",
"vendor": "Fr\u00e9d\u00e9ric GILLES",
"versions": [
{
"changes": [
{
"at": "4.21.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.20.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Yudistira Arya (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Fr\u00e9d\u00e9ric GILLES FG Joomla to WordPress.\u003cp\u003eThis issue affects FG Joomla to WordPress: from n/a through 4.20.2.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Fr\u00e9d\u00e9ric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:40.412Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-20-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.21.0 or a higher version."
}
],
"value": "Update to 4.21.0 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress FG Joomla to Wordpress plugin \u003c= 4.20.2 - Sensitive Data Exposure via Log File vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32788",
"datePublished": "2024-04-24T07:46:09.737Z",
"dateReserved": "2024-04-18T09:15:22.752Z",
"dateUpdated": "2026-04-28T16:09:40.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32757 (GCVE-0-2024-32757)
Vulnerability from cvelistv5 – Published: 2024-07-02 14:02 – Updated: 2024-08-02 02:20- CWE-532 - Insertion of Sensitive Information into Log File
| Vendor | Product | Version | |
|---|---|---|---|
| Johnson Controls | American Dynamics Illustra Essentials Gen 4 |
Unaffected:
0 , ≤ Illustra.Ess4.01.02.10.5982
(custom)
|
|
| johnsoncontrols | illustra_essential_gen_4_firmware |
Affected:
0 , < Illustra.Ess4.01.02.13.6953
(custom)
cpe:2.3:o:johnsoncontrols:illustra_essential_gen_4_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:johnsoncontrols:illustra_essential_gen_4_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "illustra_essential_gen_4_firmware",
"vendor": "johnsoncontrols",
"versions": [
{
"lessThan": "Illustra.Ess4.01.02.13.6953",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T13:52:39.937857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T13:52:43.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "American Dynamics Illustra Essentials Gen 4",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "Illustra.Ess4.01.02.10.5982",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sam Hanson of Dragos"
}
],
"datePublic": "2024-06-27T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnder certain circumstances unnecessary user details are provided within system logs\u003c/span\u003e"
}
],
"value": "Under certain circumstances unnecessary user details are provided within system logs"
}
],
"impacts": [
{
"capecId": "CAPEC-653",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-653: Use of Known Operating System Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T11:52:43.770Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-06"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgba(9, 30, 66, 0.06);\"\u003eUpdate firmware to Illustra.Ess4.01.02.13.6953\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Update firmware to Illustra.Ess4.01.02.13.6953"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "American Dynamics Illustra Essentials Gen 4 - Linux Credential Leak",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2024-32757",
"datePublished": "2024-07-02T14:02:15.247Z",
"dateReserved": "2024-04-17T17:26:35.181Z",
"dateUpdated": "2024-08-02T02:20:35.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32686 (GCVE-0-2024-32686)
Vulnerability from cvelistv5 – Published: 2024-04-18 10:31 – Updated: 2026-04-28 16:09- CWE-532 - Insertion of Sensitive Information into Log File
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/bac… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Inisev | Backup Migration |
Affected:
n/a , ≤ 1.4.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-18T15:36:32.221372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:10.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:34.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/backup-backup/wordpress-backup-migration-plugin-1-4-3-sensitive-data-exposure-via-log-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "backup-backup",
"product": "Backup Migration",
"vendor": "Inisev",
"versions": [
{
"changes": [
{
"at": "1.4.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.4.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "emad (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.\u003cp\u003eThis issue affects Backup Migration: from n/a through 1.4.3.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.This issue affects Backup Migration: from n/a through 1.4.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:39.047Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/backup-backup/wordpress-backup-migration-plugin-1-4-3-sensitive-data-exposure-via-log-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.4.4 or a higher version."
}
],
"value": "Update to 1.4.4 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Backup Migration plugin \u003c= 1.4.3 - Sensitive Data Exposure via Log vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32686",
"datePublished": "2024-04-18T10:31:38.641Z",
"dateReserved": "2024-04-17T08:55:51.661Z",
"dateUpdated": "2026-04-28T16:09:39.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.