CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1742 vulnerabilities reference this CWE, most recent first.
GHSA-4XM9-MM3C-5883
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2026-32218"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:17:29Z",
"severity": "MODERATE"
},
"details": "Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.",
"id": "GHSA-4xm9-mm3c-5883",
"modified": "2026-04-14T18:30:42Z",
"published": "2026-04-14T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32218"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32218"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4XW6-HJ5P-4J79
Vulnerability from github – Published: 2022-05-17 04:50 – Updated: 2024-11-26 18:37OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "glance"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.0.0a0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-1948"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-14T21:32:23Z",
"nvd_published_at": "2014-02-14T15:55:00Z",
"severity": "MODERATE"
},
"details": "OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.",
"id": "GHSA-4xw6-hj5p-4j79",
"modified": "2024-11-26T18:37:55Z",
"published": "2022-05-17T04:50:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1948"
},
{
"type": "WEB",
"url": "https://github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba"
},
{
"type": "WEB",
"url": "https://github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/glance/+bug/1275062"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/glance"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2014-102.yaml"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0229.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/18"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenStack Glance sensitive information disclosure via logs"
}
GHSA-52QM-PR2G-7H6X
Vulnerability from github – Published: 2026-06-10 00:31 – Updated: 2026-06-10 00:31The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.
{
"affected": [],
"aliases": [
"CVE-2026-9751"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T23:17:04Z",
"severity": "MODERATE"
},
"details": "The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.",
"id": "GHSA-52qm-pr2g-7h6x",
"modified": "2026-06-10T00:31:51Z",
"published": "2026-06-10T00:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9751"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-123370"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-532V-WMJJ-RX65
Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-27 00:00In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
{
"affected": [],
"aliases": [
"CVE-2022-40979"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-23T11:15:00Z",
"severity": "MODERATE"
},
"details": "In JetBrains TeamCity before 2022.04.4 environmental variables of \"password\" type could be logged when using custom Perforce executable",
"id": "GHSA-532v-wmjj-rx65",
"modified": "2022-09-27T00:00:18Z",
"published": "2022-09-25T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40979"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-536F-WQ7F-MX95
Vulnerability from github – Published: 2025-02-22 00:33 – Updated: 2025-02-22 00:33IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11
stores potentially sensitive information in log files that could be read by a local user.
{
"affected": [],
"aliases": [
"CVE-2024-45674"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-22T00:15:18Z",
"severity": "LOW"
},
"details": "IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 \n\nstores potentially sensitive information in log files that could be read by a local user.",
"id": "GHSA-536f-wq7f-mx95",
"modified": "2025-02-22T00:33:51Z",
"published": "2025-02-22T00:33:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45674"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7183801"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-53JX-2WMG-3W5F
Vulnerability from github – Published: 2025-10-15 09:30 – Updated: 2026-04-08 21:33The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.8 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.
{
"affected": [],
"aliases": [
"CVE-2025-10486"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-15T09:15:40Z",
"severity": "MODERATE"
},
"details": "The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.8 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.",
"id": "GHSA-53jx-2wmg-3w5f",
"modified": "2026-04-08T21:33:07Z",
"published": "2025-10-15T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10486"
},
{
"type": "WEB",
"url": "https://plugins.svn.wordpress.org/content-writer/tags/3.6.8/lib/sc_functions.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3379612%40content-writer\u0026new=3379612%40content-writer\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/content-writer"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bb20452b-7049-4567-8288-6d24350e2143?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-53PC-PRXG-7XP2
Vulnerability from github – Published: 2025-12-09 00:31 – Updated: 2025-12-09 00:31IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.
{
"affected": [],
"aliases": [
"CVE-2025-64650"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-08T22:15:52Z",
"severity": "MODERATE"
},
"details": "IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.",
"id": "GHSA-53pc-prxg-7xp2",
"modified": "2025-12-09T00:31:16Z",
"published": "2025-12-09T00:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64650"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7253864"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-545J-89FJ-CFC3
Vulnerability from github – Published: 2022-07-22 00:00 – Updated: 2022-07-28 00:00An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes.
{
"affected": [],
"aliases": [
"CVE-2022-32556"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-21T12:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes.",
"id": "GHSA-545j-89fj-cfc3",
"modified": "2022-07-28T00:00:41Z",
"published": "2022-07-22T00:00:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32556"
},
{
"type": "WEB",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"type": "WEB",
"url": "https://forums.couchbase.com/tags/security"
},
{
"type": "WEB",
"url": "https://www.couchbase.com/alerts"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5462-W9MR-7MW6
Vulnerability from github – Published: 2023-07-12 15:30 – Updated: 2024-04-04 06:04In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
{
"affected": [],
"aliases": [
"CVE-2023-38064"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-12T13:15:09Z",
"severity": "MODERATE"
},
"details": "In JetBrains TeamCity before 2023.05.1 build chain parameters of the \"password\" type could be written to the agent log",
"id": "GHSA-5462-w9mr-7mw6",
"modified": "2024-04-04T06:04:07Z",
"published": "2023-07-12T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38064"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-548X-PJ87-QV7F
Vulnerability from github – Published: 2024-02-01 15:30 – Updated: 2024-02-01 15:30An insertion of Sensitive Information into Log File vulnerability is affecting DELMIA Apriso Release 2019 through Release 2024
{
"affected": [],
"aliases": [
"CVE-2024-0935"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-01T14:15:56Z",
"severity": "MODERATE"
},
"details": "An insertion of Sensitive Information into Log File vulnerability is affecting DELMIA Apriso Release 2019 through Release 2024",
"id": "GHSA-548x-pj87-qv7f",
"modified": "2024-02-01T15:30:24Z",
"published": "2024-02-01T15:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0935"
},
{
"type": "WEB",
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.