CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1739 vulnerabilities reference this CWE, most recent first.
GHSA-456R-H9VM-XCMJ
Vulnerability from github – Published: 2025-09-26 06:30 – Updated: 2025-09-26 06:30The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.
{
"affected": [],
"aliases": [
"CVE-2025-9985"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-26T05:15:36Z",
"severity": "MODERATE"
},
"details": "The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.",
"id": "GHSA-456r-h9vm-xcmj",
"modified": "2025-09-26T06:30:49Z",
"published": "2025-09-26T06:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9985"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/admin/log.php?rev=3344903"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3362830%40featured-image-from-url\u0026new=3362830%40featured-image-from-url\u0026sfp_email=\u0026sfph_mail=#file6"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/991d63da-ca6c-400e-beb7-b44cf629abc9?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-457F-XP3M-RV66
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.
{
"affected": [],
"aliases": [
"CVE-2019-3891"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-15T12:31:00Z",
"severity": "HIGH"
},
"details": "It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.",
"id": "GHSA-457f-xp3m-rv66",
"modified": "2022-05-13T01:14:33Z",
"published": "2022-05-13T01:14:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3891"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1222"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3891"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-45W9-4PGF-X3FR
Vulnerability from github – Published: 2022-07-07 00:00 – Updated: 2022-07-15 00:00HCL Launch may store certain data for recurring activities in a plain text format.
{
"affected": [],
"aliases": [
"CVE-2022-27549"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-06T21:15:00Z",
"severity": "MODERATE"
},
"details": "HCL Launch may store certain data for recurring activities in a plain text format.",
"id": "GHSA-45w9-4pgf-x3fr",
"modified": "2022-07-15T00:00:17Z",
"published": "2022-07-07T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27549"
},
{
"type": "WEB",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0099254"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4697-7F5R-FHWX
Vulnerability from github – Published: 2022-05-17 02:57 – Updated: 2022-05-17 02:57Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.
{
"affected": [],
"aliases": [
"CVE-2016-8233"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-01T22:59:00Z",
"severity": "CRITICAL"
},
"details": "Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.",
"id": "GHSA-4697-7f5r-fhwx",
"modified": "2022-05-17T02:57:05Z",
"published": "2022-05-17T02:57:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8233"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-11635"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95992"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-469R-4M5M-6P66
Vulnerability from github – Published: 2024-06-14 06:34 – Updated: 2024-07-04 06:35The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.
{
"affected": [],
"aliases": [
"CVE-2024-27156"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-14T04:15:18Z",
"severity": "MODERATE"
},
"details": "The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.",
"id": "GHSA-469r-4m5m-6p66",
"modified": "2024-07-04T06:35:03Z",
"published": "2024-06-14T06:34:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27156"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/20240531_01.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-46V9-494M-J4HJ
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
{
"affected": [],
"aliases": [
"CVE-2018-1000018"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-24T14:29:00Z",
"severity": "HIGH"
},
"details": "An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user\u0027s password in the log file.",
"id": "GHSA-46v9-494m-j4hj",
"modified": "2022-05-13T01:48:29Z",
"published": "2022-05-13T01:48:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000018"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536941"
},
{
"type": "WEB",
"url": "https://gerrit.ovirt.org/#/c/86635"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46VV-MMQM-CFV8
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-07-13 00:01Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.
{
"affected": [],
"aliases": [
"CVE-2021-39291"
],
"database_specific": {
"cwe_ids": [
"CWE-532",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-23T05:15:00Z",
"severity": "HIGH"
},
"details": "Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.",
"id": "GHSA-46vv-mmqm-cfv8",
"modified": "2022-07-13T00:01:37Z",
"published": "2022-05-24T19:11:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39291"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2021/Aug/22"
},
{
"type": "WEB",
"url": "https://www.netmodule.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-48J5-778C-4QWG
Vulnerability from github – Published: 2023-07-14 18:31 – Updated: 2024-04-04 06:08An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.
{
"affected": [],
"aliases": [
"CVE-2023-37224"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-14T18:15:10Z",
"severity": "MODERATE"
},
"details": "An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.",
"id": "GHSA-48j5-778c-4qwg",
"modified": "2024-04-04T06:08:54Z",
"published": "2023-07-14T18:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37224"
},
{
"type": "WEB",
"url": "https://archerirm.com"
},
{
"type": "WEB",
"url": "https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/702362"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-48JV-63M8-9985
Vulnerability from github – Published: 2023-04-04 15:30 – Updated: 2023-04-11 18:30An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362.
{
"affected": [],
"aliases": [
"CVE-2022-48228"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-04T15:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362.",
"id": "GHSA-48jv-63m8-9985",
"modified": "2023-04-11T18:30:30Z",
"published": "2023-04-04T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48228"
},
{
"type": "WEB",
"url": "https://acuant.com"
},
{
"type": "WEB",
"url": "https://hackandpwn.com/disclosures/CVE-2022-48228.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-48RH-RW8J-QVQV
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-07-28 00:00In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8.
{
"affected": [],
"aliases": [
"CVE-2019-15507"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-23T06:15:00Z",
"severity": "MODERATE"
},
"details": "In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8.",
"id": "GHSA-48rh-rw8j-qvqv",
"modified": "2022-07-28T00:00:46Z",
"published": "2022-05-24T16:54:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15507"
},
{
"type": "WEB",
"url": "https://github.com/OctopusDeploy/Issues/issues/5761"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.