Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1739 vulnerabilities reference this CWE, most recent first.

GHSA-5546-XCJQ-X5XR

Vulnerability from github – Published: 2024-02-17 18:30 – Updated: 2024-02-17 18:30
VLAI
Details

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22336"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-17T16:15:47Z",
    "severity": "MODERATE"
  },
  "details": "IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user.  IBM X-Force ID:  279976.",
  "id": "GHSA-5546-xcjq-x5xr",
  "modified": "2024-02-17T18:30:31Z",
  "published": "2024-02-17T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22336"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279976"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7118642"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-556M-HX4G-V68M

Vulnerability from github – Published: 2024-03-28 09:31 – Updated: 2026-04-28 21:34
VLAI
Details

Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator.This issue affects Seraphinite Accelerator: from n/a through 2.20.47.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-28T07:15:53Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator.This issue affects Seraphinite Accelerator: from n/a through 2.20.47.",
  "id": "GHSA-556m-hx4g-v68m",
  "modified": "2026-04-28T21:34:24Z",
  "published": "2024-03-28T09:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22138"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/seraphinite-accelerator/wordpress-seraphinite-accelerator-plugin-2-20-44-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55G3-3QVV-89R4

Vulnerability from github – Published: 2024-02-08 12:30 – Updated: 2024-02-08 12:30
VLAI
Details

Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-08T10:15:14Z",
    "severity": "MODERATE"
  },
  "details": "\nDell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.\n\n",
  "id": "GHSA-55g3-3qvv-89r4",
  "modified": "2024-02-08T12:30:48Z",
  "published": "2024-02-08T12:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22464"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000221932/dsa-2024-072-security-update-for-dell-emc-appsync-for-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55MJ-XMGR-6V5W

Vulnerability from github – Published: 2022-01-13 00:01 – Updated: 2022-01-20 00:02
VLAI
Details

Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-45449"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-12T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user\u0027s machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user\u2019s local files.",
  "id": "GHSA-55mj-xmgr-6v5w",
  "modified": "2022-01-20T00:02:19Z",
  "published": "2022-01-13T00:01:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45449"
    },
    {
      "type": "WEB",
      "url": "https://docs.docker.com/desktop/windows/release-notes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-55VQ-XPJF-R2XC

Vulnerability from github – Published: 2023-04-27 21:30 – Updated: 2025-09-30 18:53
VLAI
Summary
Lightbend Alpakka Kafka logs credentials on debug level
Details

Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.typesafe.akka:akka-stream-kafka_3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.typesafe.akka:akka-stream-kafka_2.13"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.typesafe.akka:akka-stream-kafka_2.12"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 4.0.2"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.typesafe.akka:akka-stream-kafka_2.11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-29471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-27T23:53:28Z",
    "nvd_published_at": "2023-04-27T21:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.",
  "id": "GHSA-55vq-xpjf-r2xc",
  "modified": "2025-09-30T18:53:16Z",
  "published": "2023-04-27T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29471"
    },
    {
      "type": "WEB",
      "url": "https://github.com/akka/alpakka-kafka/issues/1592"
    },
    {
      "type": "WEB",
      "url": "https://github.com/akka/alpakka-kafka/pull/1614/commits/4011b704e93b22f6fd956aac516c7159d384644c"
    },
    {
      "type": "WEB",
      "url": "https://akka.io/security/alpakka-kafka-cve-2023-29471.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/akka/alpakka-kafka"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Lightbend Alpakka Kafka logs credentials on debug level"
}

GHSA-56R7-H6MW-RCFV

Vulnerability from github – Published: 2025-10-10 12:30 – Updated: 2025-10-11 00:13
VLAI
Summary
Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
Details

Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.elasticsearch:elasticsearch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "8.18.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.elasticsearch:elasticsearch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.19.0"
            },
            {
              "fixed": "8.19.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.elasticsearch:elasticsearch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-beta1"
            },
            {
              "fixed": "9.0.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.elasticsearch:elasticsearch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.1.0"
            },
            {
              "fixed": "9.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-37727"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-11T00:13:33Z",
    "nvd_published_at": "2025-10-10T10:15:34Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the  reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex",
  "id": "GHSA-56r7-h6mw-rcfv",
  "modified": "2025-10-11T00:13:33Z",
  "published": "2025-10-10T12:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37727"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/elastic/elasticsearch"
    },
    {
      "type": "WEB",
      "url": "https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Elasticsearch: Insertion of Sensitive Information into Log File via reindex API"
}

GHSA-574H-QGGC-9PH9

Vulnerability from github – Published: 2022-05-24 17:11 – Updated: 2022-05-24 17:11
VLAI
Details

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-13T16:15:00Z",
    "severity": "LOW"
  },
  "details": "An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA.",
  "id": "GHSA-574h-qggc-9ph9",
  "modified": "2022-05-24T17:11:26Z",
  "published": "2022-05-24T17:11:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19756"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-29942"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5854-G45W-MW45

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:30
VLAI
Details

In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-02T16:15:00Z",
    "severity": "LOW"
  },
  "details": "In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).",
  "id": "GHSA-5854-g45w-mw45",
  "modified": "2024-04-04T01:30:49Z",
  "published": "2022-05-24T16:52:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18423"
    },
    {
      "type": "WEB",
      "url": "https://documentation.cpanel.net/display/CL/66+Change+Log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-587G-JWV5-52J3

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30
VLAI
Details

Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47979"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T17:15:42Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.",
  "id": "GHSA-587g-jwv5-52j3",
  "modified": "2025-10-14T18:30:29Z",
  "published": "2025-10-14T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47979"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47979"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-587P-XC7X-RJH8

Vulnerability from github – Published: 2024-10-14 18:30 – Updated: 2024-10-14 18:30
VLAI
Details

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the _internal index. This exposure could happen if you configure the Splunk Enterprise REST_Calls log channel at the DEBUG logging level.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45738"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-14T17:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level.",
  "id": "GHSA-587p-xc7x-rjh8",
  "modified": "2024-10-14T18:30:25Z",
  "published": "2024-10-14T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45738"
    },
    {
      "type": "WEB",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1008"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.