Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1739 vulnerabilities reference this CWE, most recent first.

GHSA-2R5R-X58V-CX3W

Vulnerability from github – Published: 2021-05-25 20:05 – Updated: 2021-12-20 17:46
VLAI
Summary
Information Disclosure in OpenShift Container Platform
Details

A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-10712"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-22T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity.",
  "id": "GHSA-2r5r-x58v-cx3w",
  "modified": "2021-12-20T17:46:48Z",
  "published": "2021-05-25T20:05:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10712"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10712"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Information Disclosure in OpenShift Container Platform"
}

GHSA-2R6R-XV9X-QFCR

Vulnerability from github – Published: 2026-01-16 18:31 – Updated: 2026-01-16 18:31
VLAI
Details

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43508"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-16T18:16:07Z",
    "severity": "MODERATE"
  },
  "details": "A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.",
  "id": "GHSA-2r6r-xv9x-qfcr",
  "modified": "2026-01-16T18:31:33Z",
  "published": "2026-01-16T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43508"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125634"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2RHM-RW5W-H5P8

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

myFax version 229 logs sensitive information in the export log module which allows any user to access critical information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-07T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "myFax version 229 logs sensitive information in the export log module which allows any user to access critical information.",
  "id": "GHSA-2rhm-rw5w-h5p8",
  "modified": "2022-05-24T19:07:05Z",
  "published": "2022-05-24T19:07:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24038"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Dmitriy-area51/Exploit/tree/master/CVE-2020-24038"
    },
    {
      "type": "WEB",
      "url": "https://myfax.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2RXG-F4R2-FM3C

Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2023-02-02 18:30
VLAI
Details

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-10194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-11T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.",
  "id": "GHSA-2rxg-f4r2-fm3c",
  "modified": "2023-02-02T18:30:55Z",
  "published": "2022-05-24T16:50:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10194"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2499"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2019-10194"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1726007"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/109140"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2VCW-8VC6-XXFW

Vulnerability from github – Published: 2023-04-27 00:30 – Updated: 2024-04-04 03:42
VLAI
Details

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1786"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-26T23:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.",
  "id": "GHSA-2vcw-8vc6-xxfw",
  "modified": "2024-04-04T03:42:27Z",
  "published": "2023-04-27T00:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1786"
    },
    {
      "type": "WEB",
      "url": "https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/cloud-init/+bug/2013967"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ"
    },
    {
      "type": "WEB",
      "url": "https://ubuntu.com/security/notices/USN-6042-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2W67-MWP7-3283

Vulnerability from github – Published: 2024-06-21 18:31 – Updated: 2024-06-21 18:31
VLAI
Details

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-44587"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-21T16:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.",
  "id": "GHSA-2w67-mwp7-3283",
  "modified": "2024-06-21T18:31:00Z",
  "published": "2024-06-21T18:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44587"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/wp-2fa/wordpress-wp-2fa-plugin-2-6-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2W6J-VFMX-4R46

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25422"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-11T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.",
  "id": "GHSA-2w6j-vfmx-4r46",
  "modified": "2022-05-24T19:05:06Z",
  "published": "2022-05-24T19:05:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25422"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2WH2-FFF9-4M63

Vulnerability from github – Published: 2023-07-13 03:30 – Updated: 2024-04-04 06:06
VLAI
Details

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-13T03:15:10Z",
    "severity": "LOW"
  },
  "details": "An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.",
  "id": "GHSA-2wh2-fff9-4m63",
  "modified": "2024-04-04T06:06:30Z",
  "published": "2023-07-13T03:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3363"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409034"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2WX6-WC87-RMJM

Vulnerability from github – Published: 2020-03-19 17:29 – Updated: 2024-09-20 17:31
VLAI
Summary
GitHub personal access token leaking into temporary EasyBuild (debug) logs
Details

Impact

The GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --from-pr, etc.) is shown in plain text in EasyBuild debug log files.

Scope:

  • the log message only appears in the top-level log file, not in the individual software installation logs (see https://easybuild.readthedocs.io/en/latest/Logfiles.html);
    • as a consequence, tokens are not included in the partial log files that are uploaded into a gist when using --upload-test-report in combination with --from-pr, nor in the installation logs that are copied to the software installation directories;
  • the message is only logged when using --debug, so it will not appear when using the default EasyBuild configuration (only info messages are logged by default);
  • the log message is triggered via --from-pr, but also via various other GitHub integration options like --new-pr, --merge-pr, --close-pr, etc., but usually only appears in the temporary log file that is cleaned up automatically as soon as eb completes successfully;
  • you may have several debug log files that include your GitHub token in /tmp (or a different location if you've set the --tmpdir EasyBuild configuration option) on the systems where you use EasyBuild, but they are located in a subdirectory that is only accessible to your account (permissions set to 700);
  • the only way that a log file that may include your token could have been made public is if you shared it yourself, for example by copying the contents of the log file into a gist manually, or by sending a log file to someone;
  • for log files uploaded to GitHub, your token would be revoked automatically when GitHub notices it;

Patches

The issue is fixed with the changes in https://github.com/easybuilders/easybuild-framework/pull/3248.

This fix is included in EasyBuild v4.1.2 (released on Mon Mar 16th 2020), and in the master+ develop branches of the easybuild-framework repository since Mon Mar 16th 2020 (see https://github.com/easybuilders/easybuild-framework/pull/3248 and https://github.com/easybuilders/easybuild-framework/pull/3249 resp.).

Make sure you revoke the existing GitHub tokens you're using with EasyBuild (via https://github.com/settings/tokens), and install new ones using "eb --install-github-token --force" (see also https://easybuild.readthedocs.io/en/latest/Integration_with_GitHub.html#installing-a-github-token-install-github-token).

Workarounds

  • avoid using the GitHub integration features (see https://easybuild.readthedocs.io/en/latest/Integration_with_GitHub.html) with EasyBuild versions older than version 4.1.2;
  • don't share top-level EasyBuild (debug) log files with others, unless you are sure your GitHub token is not included in them;
  • clean up temporary EasyBuild log files in /tmpon the system(s) where you`re using EasyBuild

References

  • https://github.com/easybuilders/easybuild-framework/pull/3248 (PR that fixes the issue)
  • (release announcement to EasyBuild mailing list)

For more information

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "easybuild-framework"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5262"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-03-19T17:04:51Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nThe GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--from-pr`, etc.) is shown in plain text in EasyBuild debug log files.\n\nScope:\n\n* the log message only appears in the top-level log file, *not* in the individual software installation logs (see https://easybuild.readthedocs.io/en/latest/Logfiles.html);\n    - as a consequence, tokens are *not* included in the partial log files that are uploaded into a gist when using `--upload-test-report` in combination with `--from-pr`, nor in the installation logs that are copied to the software installation directories;\n* the message is only logged when using `--debug`, so it will not appear when using the default EasyBuild configuration (only info messages are logged by default);\n* the log message is triggered via `--from-pr`, but also via various other GitHub integration options like `--new-pr`, `--merge-pr`, `--close-pr`, etc., but usually only appears in the temporary log file that is cleaned up automatically as soon as eb completes successfully;\n* you may have several debug log files that include your GitHub token in `/tmp` (or a different location if you\u0027ve set the `--tmpdir` EasyBuild configuration option) on the systems where you use EasyBuild, but they are located in a subdirectory that is only accessible to your account (permissions set to 700);\n* the only way that a log file that may include your token could have been made public is *if you shared it yourself*, for example by copying the contents of the log file into a gist manually, or by sending a log file to someone;\n* for log files uploaded to GitHub, your token would be revoked automatically when GitHub notices it;\n\n### Patches\n\nThe issue is fixed with the changes in https://github.com/easybuilders/easybuild-framework/pull/3248.\n\nThis fix is included in EasyBuild v4.1.2 (released on Mon Mar 16th 2020), and in the `master`+  `develop` branches of the `easybuild-framework` repository since Mon Mar 16th 2020 (see https://github.com/easybuilders/easybuild-framework/pull/3248 and https://github.com/easybuilders/easybuild-framework/pull/3249 resp.).\n\n**Make sure you revoke the existing GitHub tokens you\u0027re using with EasyBuild** (via https://github.com/settings/tokens), and install new ones using \"`eb --install-github-token --force`\" (see also https://easybuild.readthedocs.io/en/latest/Integration_with_GitHub.html#installing-a-github-token-install-github-token).\n\n### Workarounds\n\n* avoid using the GitHub integration features (see https://easybuild.readthedocs.io/en/latest/Integration_with_GitHub.html) with EasyBuild versions older than version 4.1.2;\n* don\u0027t share top-level EasyBuild (debug) log files with others, unless you are sure your GitHub token is not included in them;\n* clean up temporary EasyBuild log files in `/tmp`on the system(s) where you`re using EasyBuild\n\n### References\n\n* https://github.com/easybuilders/easybuild-framework/pull/3248 (PR that fixes the issue)\n* (release announcement to EasyBuild mailing list)\n\n### For more information\n\n* Open an issue in [the `easybuild-framework` repository](https://github.com/easybuilders/easybuild-framework)\n* Email us at [easybuild-admin@lists.ugent.be](mailto:easybuild-admin@lists.ugent.be)",
  "id": "GHSA-2wx6-wc87-rmjm",
  "modified": "2024-09-20T17:31:44Z",
  "published": "2020-03-19T17:29:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5262"
    },
    {
      "type": "WEB",
      "url": "https://github.com/easybuilders/easybuild-framework/pull/3248"
    },
    {
      "type": "WEB",
      "url": "https://github.com/easybuilders/easybuild-framework/pull/3249"
    },
    {
      "type": "WEB",
      "url": "https://github.com/easybuilders/easybuild-framework/commit/210743d0e3618a8ac0a56eb9c0f4fa4fd8ae53b9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/easybuilders/easybuild-framework"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/easybuild-framework/PYSEC-2020-41.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/easybuild/PYSEC-2020-268.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "GitHub personal access token leaking into temporary EasyBuild (debug) logs"
}

GHSA-2XFM-MGC4-J8FX

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50
VLAI
Details

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16889"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-28T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.",
  "id": "GHSA-2xfm-mgc4-j8fx",
  "modified": "2022-05-13T01:50:27Z",
  "published": "2022-05-13T01:50:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16889"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2538"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2541"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2018-16889"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665334"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4035-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106528"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.