CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1744 vulnerabilities reference this CWE, most recent first.
CVE-2018-1072 (GCVE-0-2018-1072)
Vulnerability from cvelistv5 – Published: 2018-06-26 18:00 – Updated: 2024-08-05 03:51| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2071 | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| [UNKNOWN] | ovirt-engine-setup |
Affected:
oVirt 4.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2071",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2071"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ovirt-engine-setup",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "oVirt 4.2.2"
}
]
}
],
"datePublic": "2018-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options \"--provision*db\", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-28T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2071",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2071"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1072"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ovirt-engine-setup",
"version": {
"version_data": [
{
"version_value": "oVirt 4.2.2"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options \"--provision*db\", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2071",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2071"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1072",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1072"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1072",
"datePublished": "2018-06-26T18:00:00.000Z",
"dateReserved": "2017-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:51:48.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9278 (GCVE-0-2017-9278)
Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-16 23:05- password disclosure via logging
- CWE-532
| URL | Tags |
|---|---|
| https://download.novell.com/Download?buildid=DKFk… | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=1053200 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Manager Oracle EBS driver |
Affected:
unspecified , < 4.0.2.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.novell.com/Download?buildid=DKFkx_xPeaw~"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1053200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager Oracle EBS driver",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.0.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "password disclosure via logging",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:53.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.novell.com/Download?buildid=DKFkx_xPeaw~"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1053200"
}
],
"source": {
"defect": [
"1053200"
],
"discovery": "INTERNAL"
},
"title": "Avoid password disclosure via EBS event logging in the iManager Oracle driver",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-09-01T00:00:00.000Z",
"ID": "CVE-2017-9278",
"STATE": "PUBLIC",
"TITLE": "Avoid password disclosure via EBS event logging in the iManager Oracle driver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager Oracle EBS driver",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.0.2.0"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "password disclosure via logging"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.novell.com/Download?buildid=DKFkx_xPeaw~",
"refsource": "CONFIRM",
"url": "https://download.novell.com/Download?buildid=DKFkx_xPeaw~"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1053200",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1053200"
}
]
},
"source": {
"defect": [
"1053200"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9278",
"datePublished": "2018-03-02T20:00:00.000Z",
"dateReserved": "2017-05-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:05:43.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7550 (GCVE-0-2017-7550)
Vulnerability from cvelistv5 – Published: 2017-11-21 17:00 – Updated: 2024-08-05 16:04| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1473645 | x_refsource_CONFIRM |
| https://github.com/ansible/ansible/issues/30874 | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2017:2966 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat, Inc. | ansible |
Affected:
2.3.x before 2.3.3, 2.4.x before 2.4.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:12.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473645"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ansible/ansible/issues/30874"
},
{
"name": "RHSA-2017:2966",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2966"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ansible",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "2.3.x before 2.3.3, 2.4.x before 2.4.1"
}
]
}
],
"datePublic": "2017-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host\u0027s logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-06T10:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473645"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ansible/ansible/issues/30874"
},
{
"name": "RHSA-2017:2966",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2966"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7550",
"datePublished": "2017-11-21T17:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:12.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7434 (GCVE-0-2017-7434)
Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-17 02:47- logging credentials
- CWE-532
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1005907 | x_refsource_CONFIRM |
| https://www.netiq.com/documentation/identity-mana… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Manager |
Affected:
unspecified , < 4.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1005907"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "logging credentials",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:01.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1005907"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html"
}
],
"source": {
"defect": [
"1005907"
],
"discovery": "INTERNAL"
},
"title": "NetIQ Identity Manager JDBC driver could leak passwords in exception traces",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-02-01T00:00:00.000Z",
"ID": "CVE-2017-7434",
"STATE": "PUBLIC",
"TITLE": "NetIQ Identity Manager JDBC driver could leak passwords in exception traces"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.6"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "logging credentials"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1005907",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1005907"
},
{
"name": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html"
}
]
},
"source": {
"defect": [
"1005907"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7434",
"datePublished": "2018-03-02T20:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:47:26.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2592 (GCVE-0-2017-2592)
Vulnerability from cvelistv5 – Published: 2018-05-08 17:00 – Updated: 2024-08-05 14:02| URL | Tags |
|---|---|
| https://review.openstack.org/#/c/425732/ | x_refsource_MISC |
| http://lists.openstack.org/pipermail/openstack-an… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2017-0300.html | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:0300 | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2017-0435.html | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/95827 | vdb-entryx_refsource_BID |
| https://review.openstack.org/#/c/425730/ | x_refsource_MISC |
| https://review.openstack.org/#/c/425734/ | x_refsource_MISC |
| https://bugs.launchpad.net/keystonemiddleware/+bu… | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2017:0435 | x_refsource_CONFIRM |
| https://usn.ubuntu.com/3666-1/ | vendor-advisoryx_refsource_UBUNTU |
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | python-oslo-middleware |
Affected:
python-oslo-middleware 3.8.1
Affected: python-oslo-middleware 3.19.1 Affected: python-oslo-middleware 3.23.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:06.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/425732/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html"
},
{
"name": "RHSA-2017:0300",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0300.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0300"
},
{
"name": "RHSA-2017:0435",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0435.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592"
},
{
"name": "95827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95827"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/425730/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/425734/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0435"
},
{
"name": "USN-3666-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3666-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python-oslo-middleware",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "python-oslo-middleware 3.8.1"
},
{
"status": "affected",
"version": "python-oslo-middleware 3.19.1"
},
{
"status": "affected",
"version": "python-oslo-middleware 3.23.1"
}
]
}
],
"datePublic": "2017-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback\u0027s error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-01T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.openstack.org/#/c/425732/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html"
},
{
"name": "RHSA-2017:0300",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0300.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0300"
},
{
"name": "RHSA-2017:0435",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0435.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592"
},
{
"name": "95827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95827"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.openstack.org/#/c/425730/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.openstack.org/#/c/425734/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0435"
},
{
"name": "USN-3666-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3666-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "python-oslo-middleware",
"version": {
"version_data": [
{
"version_value": "python-oslo-middleware 3.8.1"
},
{
"version_value": "python-oslo-middleware 3.19.1"
},
{
"version_value": "python-oslo-middleware 3.23.1"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback\u0027s error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens)."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://review.openstack.org/#/c/425732/",
"refsource": "MISC",
"url": "https://review.openstack.org/#/c/425732/"
},
{
"name": "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html",
"refsource": "CONFIRM",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html"
},
{
"name": "RHSA-2017:0300",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0300.html"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:0300",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/errata/RHSA-2017:0300"
},
{
"name": "RHSA-2017:0435",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0435.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592"
},
{
"name": "95827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95827"
},
{
"name": "https://review.openstack.org/#/c/425730/",
"refsource": "MISC",
"url": "https://review.openstack.org/#/c/425730/"
},
{
"name": "https://review.openstack.org/#/c/425734/",
"refsource": "MISC",
"url": "https://review.openstack.org/#/c/425734/"
},
{
"name": "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:0435",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/errata/RHSA-2017:0435"
},
{
"name": "USN-3666-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3666-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2592",
"datePublished": "2018-05-08T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:02:06.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10362 (GCVE-0-2016-10362)
Vulnerability from cvelistv5 – Published: 2017-06-16 21:00 – Updated: 2024-08-06 03:21- CWE-532 - Information Exposure Through Log Files
| URL | Tags |
|---|---|
| https://www.elastic.co/community/security | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/99154 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:50.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"name": "99154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.0.1"
}
]
}
],
"datePublic": "2016-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-21T09:57:01.000Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
},
{
"name": "99154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2016-10362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 5.0.1"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
},
{
"name": "99154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2016-10362",
"datePublished": "2017-06-16T21:00:00.000Z",
"dateReserved": "2017-05-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:21:50.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-22CV-MR79-8P5C
Vulnerability from github – Published: 2024-10-02 18:31 – Updated: 2024-10-02 18:31A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information.
This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
{
"affected": [],
"aliases": [
"CVE-2024-20490"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-02T17:15:17Z",
"severity": "MODERATE"
},
"details": "A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information.\n\nThis vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network.\nNote: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.",
"id": "GHSA-22cv-mr79-8p5c",
"modified": "2024-10-02T18:31:33Z",
"published": "2024-10-02T18:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20490"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-22JR-F6PC-522X
Vulnerability from github – Published: 2026-02-20 00:31 – Updated: 2026-02-20 00:31Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
{
"affected": [],
"aliases": [
"CVE-2026-1292"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-20T00:16:14Z",
"severity": "MODERATE"
},
"details": "Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.",
"id": "GHSA-22jr-f6pc-522x",
"modified": "2026-02-20T00:31:53Z",
"published": "2026-02-20T00:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1292"
},
{
"type": "WEB",
"url": "https://security.tanium.com/TAN-2026-007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-23H2-XX79-4XWR
Vulnerability from github – Published: 2025-01-28 00:32 – Updated: 2025-11-03 21:32A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone number in system logs.
{
"affected": [],
"aliases": [
"CVE-2025-24145"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T22:15:18Z",
"severity": "LOW"
},
"details": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact\u0027s phone number in system logs.",
"id": "GHSA-23h2-xx79-4xwr",
"modified": "2025-11-03T21:32:29Z",
"published": "2025-01-28T00:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24145"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122066"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122068"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jan/13"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jan/15"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-23QF-P445-3VHR
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2024-04-04 01:46An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in a debug log on the Android device at HickorySmartLog/Logs/SRDeviceLog.txt. This information was found stored in the Android device's default USB or SDcard storage paths and is accessible without rooting the device. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.
{
"affected": [],
"aliases": [
"CVE-2019-5634"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-22T14:15:00Z",
"severity": "MODERATE"
},
"details": "An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in a debug log on the Android device at HickorySmartLog/Logs/SRDeviceLog.txt. This information was found stored in the Android device\u0027s default USB or SDcard storage paths and is accessible without rooting the device. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.",
"id": "GHSA-23qf-p445-3vhr",
"modified": "2024-04-04T01:46:35Z",
"published": "2022-05-24T16:54:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5634"
},
{
"type": "WEB",
"url": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities"
},
{
"type": "WEB",
"url": "https://play.google.com/store/apps/details?id=com.belwith.hickorysmart\u0026hl=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.