Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1739 vulnerabilities reference this CWE, most recent first.

GHSA-3XC7-XG67-PW99

Vulnerability from github – Published: 2019-06-05 20:43 – Updated: 2021-08-04 20:54
VLAI
Summary
Sensitive Data Exposure in sequelize-cli
Details

Versions of sequelize-cli prior to 5.5.0 are vulnerable to Sensitive Data Exposure. The function filteredURL() does not properly sanitize the config.password value which may cause passwords with special characters to be logged in plain text.

Recommendation

Upgrade to version 5.5.0 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "sequelize-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "5.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-06-05T20:42:54Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "Versions of `sequelize-cli` prior to 5.5.0 are vulnerable to Sensitive Data Exposure. The function `filteredURL()` does not properly sanitize the `config.password` value which may cause passwords with special characters to be logged in plain text.\n\n\n## Recommendation\n\nUpgrade to version 5.5.0 or later.",
  "id": "GHSA-3xc7-xg67-pw99",
  "modified": "2021-08-04T20:54:45Z",
  "published": "2019-06-05T20:43:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sequelize/cli/issues/172"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sequelize/cli/pull/722"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FelixLC/cli/commit/da59652c061a798282e18efad0b6d0afefa15465"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZECLI-174320"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/825"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sensitive Data Exposure in sequelize-cli"
}

GHSA-3XR7-767Q-QR44

Vulnerability from github – Published: 2026-05-28 06:31 – Updated: 2026-05-28 06:31
VLAI
Details

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T05:16:35Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.",
  "id": "GHSA-3xr7-767q-qr44",
  "modified": "2026-05-28T06:31:08Z",
  "published": "2026-05-28T06:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32996"
    },
    {
      "type": "WEB",
      "url": "https://www.veeam.com/kb4852"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-423P-CH83-27QW

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37
VLAI
Details

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-26199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-05T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.",
  "id": "GHSA-423p-ch83-27qw",
  "modified": "2022-05-24T17:37:59Z",
  "published": "2022-05-24T17:37:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26199"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/000181248"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4255-C27H-62M5

Vulnerability from github – Published: 2026-02-10 00:25 – Updated: 2026-02-10 02:56
VLAI
Summary
unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)
Details

The sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log aggregation systems.

Users who run sign-package with --verbose and credential arguments expose their Unity account passwords. This affects all versions prior to 1.8.2. The vulnerability requires explicit user action (using --verbose) but creates significant risk in automated and shared environments.

Workaround: Use environment variables (UNITY_USERNAME, UNITY_PASSWORD) instead of command-line arguments, and avoid the --verbose flag when working with credentials.

Existing RageAgainstThePixel and Buildalon GitHub actions are unaffected as they use the environment variables exclusively.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@rage-against-the-pixel/unity-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352",
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-10T00:25:32Z",
    "nvd_published_at": "2026-02-09T22:16:04Z",
    "severity": "MODERATE"
  },
  "details": "The sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the `--verbose` flag is used. Command-line arguments including `--email` and `--password` are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log aggregation systems.\n\nUsers who run sign-package with `--verbose` and credential arguments expose their Unity account passwords. This affects all versions prior to 1.8.2. The vulnerability requires explicit user action (using `--verbose`) but creates significant risk in automated and shared environments.\n\nWorkaround: Use environment variables (`UNITY_USERNAME`, `UNITY_PASSWORD`) instead of command-line arguments, and avoid the `--verbose` flag when working with credentials.\n\nExisting RageAgainstThePixel and Buildalon GitHub actions are unaffected as they use the environment variables exclusively.",
  "id": "GHSA-4255-c27h-62m5",
  "modified": "2026-02-10T02:56:53Z",
  "published": "2026-02-10T00:25:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/RageAgainstThePixel/unity-cli/security/advisories/GHSA-4255-c27h-62m5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25918"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RageAgainstThePixel/unity-cli/commit/8d4d67b23d7c5fd8f00df3f0f10bec2961c95342"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/RageAgainstThePixel/unity-cli"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RageAgainstThePixel/unity-cli/releases/tag/v1.8.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)"
}

GHSA-43CP-H386-XGFV

Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-12-08 15:30
VLAI
Details

Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials. 

This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4.

Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest.

Fixed in:

WAX610 firmware 11.8.0.10 or later.

WAX610Y firmware 11.8.0.10 or later.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-12940"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-11T17:15:39Z",
    "severity": "LOW"
  },
  "details": "Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610\nand WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6\nAccess Points). An user having access to the syslog server can read the logs containing these credentials.\u00a0\n\nThis issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4.\n\n\nDevices\nmanaged with Insight get automatic updates. If not, please check the firmware version\nand update to the latest. \n\n\n\n\n\nFixed in:\n\n\n\nWAX610 firmware\n11.8.0.10 or later.\n\n\n\nWAX610Y firmware\n11.8.0.10 or later.",
  "id": "GHSA-43cp-h386-xgfv",
  "modified": "2025-12-08T15:30:29Z",
  "published": "2025-11-11T18:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12940"
    },
    {
      "type": "WEB",
      "url": "https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/wax610"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/wax610y"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-43M2-C25V-9RRV

Vulnerability from github – Published: 2025-10-24 09:31 – Updated: 2025-10-24 09:31
VLAI
Details

The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin's API key and subsequently use that to perform actions on the site like creating new posts and injecting XSS payloads.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11504"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-24T09:15:42Z",
    "severity": "HIGH"
  },
  "details": "The Quickcreator \u2013 AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin\u0027s API key and subsequently use that to perform actions on the site like creating new posts and injecting XSS payloads.",
  "id": "GHSA-43m2-c25v-9rrv",
  "modified": "2025-10-24T09:31:59Z",
  "published": "2025-10-24T09:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11504"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/quickcreator"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/561f171e-f13e-408b-a63e-bf6a512d4463?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-43M8-WXPM-8HM7

Vulnerability from github – Published: 2024-03-13 12:31 – Updated: 2024-03-13 12:31
VLAI
Details

IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-13T10:15:07Z",
    "severity": "MODERATE"
  },
  "details": "IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user.  IBM X-Force ID:  266875.",
  "id": "GHSA-43m8-wxpm-8hm7",
  "modified": "2024-03-13T12:31:06Z",
  "published": "2024-03-13T12:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43043"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266875"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7138286"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4524-CJ9J-G4FJ

Vulnerability from github – Published: 2026-03-13 20:05 – Updated: 2026-03-16 17:07
VLAI
Summary
OneUptime: Password Reset Token Logged at INFO Level
Details

Summary

The password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perform account takeover on any user.

Details

Vulnerable code — App/FeatureSet/Identity/API/Authentication.ts lines 370-371:

logger.info("User forgot password: " + user.email?.toString());
logger.info("Reset Password URL: " + tokenVerifyUrl);

The tokenVerifyUrl is a complete URL like https://app.oneuptime.com/accounts/reset-password/<plaintext-token>. This is logged at INFO level, which is enabled by default in production and persisted to stdout, log files, and any configured log aggregation systems.

Additionally — login credentials logged at DEBUG level (line 909):

logger.debug("Login request data: " + JSON.stringify(req.body, null, 2));

The entire login request body (including cleartext password) is logged at DEBUG level. While DEBUG is typically disabled in production, it is commonly enabled during incident troubleshooting.

No existing CVEs cover sensitive data exposure in logging for OneUptime. CVE-2026-30956 (GHSA-r5v6-2599-9g3m) leaked resetPasswordToken from the database via multi-tenant header bypass — this finding is different (token leaked via application logs).

PoC

Environment: OneUptime v10.0.23 via docker compose up (default configuration)

# Step 1 — Trigger forgot-password for target user
curl -s -X POST http://TARGET:8080/api/identity/forgot-password \
  -H 'Content-Type: application/json' \
  -d '{"data": {"email": "test@example.com"}}'
# Response: {}

# Step 2 — Read application logs to extract the reset token
docker compose logs app --tail 5
# Output:
# app-1  | User forgot password: test@example.com
# app-1  | Reset Password URL: http://localhost/accounts/reset-password/20771cc6-860a-4b9b-bb9c-09eff67de4ef

# Step 3 — Use the extracted token to reset the victim's password
curl -s -X POST http://TARGET:8080/api/identity/reset-password \
  -H 'Content-Type: application/json' \
  -d '{"data": {"token": "20771cc6-860a-4b9b-bb9c-09eff67de4ef", "password": "NewPassword123!"}}'

Tested and confirmed on 2026-03-12 against oneuptime/app:release (APP_VERSION=10.0.23). Full password reset token 20771cc6-860a-4b9b-bb9c-09eff67de4ef visible in INFO-level logs.

Attack surface for log access: ELK/Elasticsearch dashboards (often misconfigured with default credentials), CloudWatch/Datadog/Splunk/Grafana Loki, docker logs / kubectl logs, shared log volumes, CDN/proxy access logs.

Impact

Any user's account can be taken over by anyone with read access to application logs:

  • Account takeover: Every password reset token is logged in plaintext, creating a persistent trail of sensitive tokens
  • Exposure scale: This logs EVERY password reset request — not a one-off, but systematic
  • Cascading impact: Combined with differential error responses in forgot-password (user enumeration), an attacker can systematically target any user
  • Organizations that aggregate OneUptime logs into shared logging infrastructure expose all password reset tokens to anyone with log reader access
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "oneuptime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.0.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32598"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-13T20:05:12Z",
    "nvd_published_at": "2026-03-13T19:55:09Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nThe password reset flow logs the complete password reset URL \u2014 containing the plaintext reset token \u2014 at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perform account takeover on any user.\n\n### Details\n\n**Vulnerable code \u2014 `App/FeatureSet/Identity/API/Authentication.ts` lines 370-371:**\n```typescript\nlogger.info(\"User forgot password: \" + user.email?.toString());\nlogger.info(\"Reset Password URL: \" + tokenVerifyUrl);\n```\n\nThe `tokenVerifyUrl` is a complete URL like `https://app.oneuptime.com/accounts/reset-password/\u003cplaintext-token\u003e`. This is logged at INFO level, which is enabled by default in production and persisted to stdout, log files, and any configured log aggregation systems.\n\n**Additionally \u2014 login credentials logged at DEBUG level (line 909):**\n```typescript\nlogger.debug(\"Login request data: \" + JSON.stringify(req.body, null, 2));\n```\n\nThe entire login request body (including cleartext password) is logged at DEBUG level. While DEBUG is typically disabled in production, it is commonly enabled during incident troubleshooting.\n\nNo existing CVEs cover sensitive data exposure in logging for OneUptime. CVE-2026-30956 (GHSA-r5v6-2599-9g3m) leaked `resetPasswordToken` from the database via multi-tenant header bypass \u2014 this finding is different (token leaked via application logs).\n\n### PoC\n\n**Environment:** OneUptime v10.0.23 via `docker compose up` (default configuration)\n\n```bash\n# Step 1 \u2014 Trigger forgot-password for target user\ncurl -s -X POST http://TARGET:8080/api/identity/forgot-password \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\"data\": {\"email\": \"test@example.com\"}}\u0027\n# Response: {}\n\n# Step 2 \u2014 Read application logs to extract the reset token\ndocker compose logs app --tail 5\n# Output:\n# app-1  | User forgot password: test@example.com\n# app-1  | Reset Password URL: http://localhost/accounts/reset-password/20771cc6-860a-4b9b-bb9c-09eff67de4ef\n\n# Step 3 \u2014 Use the extracted token to reset the victim\u0027s password\ncurl -s -X POST http://TARGET:8080/api/identity/reset-password \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\"data\": {\"token\": \"20771cc6-860a-4b9b-bb9c-09eff67de4ef\", \"password\": \"NewPassword123!\"}}\u0027\n```\n\n**Tested and confirmed on 2026-03-12 against `oneuptime/app:release` (APP_VERSION=10.0.23).** Full password reset token `20771cc6-860a-4b9b-bb9c-09eff67de4ef` visible in INFO-level logs.\n\n**Attack surface for log access:** ELK/Elasticsearch dashboards (often misconfigured with default credentials), CloudWatch/Datadog/Splunk/Grafana Loki, `docker logs` / `kubectl logs`, shared log volumes, CDN/proxy access logs.\n\n### Impact\n\nAny user\u0027s account can be taken over by anyone with read access to application logs:\n\n- **Account takeover:** Every password reset token is logged in plaintext, creating a persistent trail of sensitive tokens\n- **Exposure scale:** This logs EVERY password reset request \u2014 not a one-off, but systematic\n- **Cascading impact:** Combined with differential error responses in forgot-password (user enumeration), an attacker can systematically target any user\n- Organizations that aggregate OneUptime logs into shared logging infrastructure expose all password reset tokens to anyone with log reader access",
  "id": "GHSA-4524-cj9j-g4fj",
  "modified": "2026-03-16T17:07:40Z",
  "published": "2026-03-13T20:05:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-4524-cj9j-g4fj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32598"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OneUptime/oneuptime"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OneUptime/oneuptime/releases/tag/10.0.23"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OneUptime: Password Reset Token Logged at INFO Level"
}

GHSA-452R-R77C-2P69

Vulnerability from github – Published: 2022-05-17 03:00 – Updated: 2025-04-20 03:32
VLAI
Details

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5137"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-05T18:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective.",
  "id": "GHSA-452r-r77c-2p69",
  "modified": "2025-04-20T03:32:23Z",
  "published": "2022-05-17T03:00:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5137"
    },
    {
      "type": "WEB",
      "url": "https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96031"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-454M-V4GH-W6C2

Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30
VLAI
Details

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-14T18:17:29Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.",
  "id": "GHSA-454m-v4gh-w6c2",
  "modified": "2026-04-14T18:30:42Z",
  "published": "2026-04-14T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32217"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32217"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.