CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1739 vulnerabilities reference this CWE, most recent first.
GHSA-5546-XCJQ-X5XR
Vulnerability from github – Published: 2024-02-17 18:30 – Updated: 2024-02-17 18:30IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.
{
"affected": [],
"aliases": [
"CVE-2024-22336"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-17T16:15:47Z",
"severity": "MODERATE"
},
"details": "IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.",
"id": "GHSA-5546-xcjq-x5xr",
"modified": "2024-02-17T18:30:31Z",
"published": "2024-02-17T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22336"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279976"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7118642"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-556M-HX4G-V68M
Vulnerability from github – Published: 2024-03-28 09:31 – Updated: 2026-04-28 21:34Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator.This issue affects Seraphinite Accelerator: from n/a through 2.20.47.
{
"affected": [],
"aliases": [
"CVE-2024-22138"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-28T07:15:53Z",
"severity": "MODERATE"
},
"details": "Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator.This issue affects Seraphinite Accelerator: from n/a through 2.20.47.",
"id": "GHSA-556m-hx4g-v68m",
"modified": "2026-04-28T21:34:24Z",
"published": "2024-03-28T09:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22138"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/seraphinite-accelerator/wordpress-seraphinite-accelerator-plugin-2-20-44-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-55G3-3QVV-89R4
Vulnerability from github – Published: 2024-02-08 12:30 – Updated: 2024-02-08 12:30Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.
{
"affected": [],
"aliases": [
"CVE-2024-22464"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-08T10:15:14Z",
"severity": "MODERATE"
},
"details": "\nDell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.\n\n",
"id": "GHSA-55g3-3qvv-89r4",
"modified": "2024-02-08T12:30:48Z",
"published": "2024-02-08T12:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22464"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000221932/dsa-2024-072-security-update-for-dell-emc-appsync-for-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-55MJ-XMGR-6V5W
Vulnerability from github – Published: 2022-01-13 00:01 – Updated: 2022-01-20 00:02Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files.
{
"affected": [],
"aliases": [
"CVE-2021-45449"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-12T20:15:00Z",
"severity": "MODERATE"
},
"details": "Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user\u0027s machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user\u2019s local files.",
"id": "GHSA-55mj-xmgr-6v5w",
"modified": "2022-01-20T00:02:19Z",
"published": "2022-01-13T00:01:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45449"
},
{
"type": "WEB",
"url": "https://docs.docker.com/desktop/windows/release-notes"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-55VQ-XPJF-R2XC
Vulnerability from github – Published: 2023-04-27 21:30 – Updated: 2025-09-30 18:53Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.typesafe.akka:akka-stream-kafka_3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.typesafe.akka:akka-stream-kafka_2.13"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.typesafe.akka:akka-stream-kafka_2.12"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 4.0.2"
},
"package": {
"ecosystem": "Maven",
"name": "com.typesafe.akka:akka-stream-kafka_2.11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-29471"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-27T23:53:28Z",
"nvd_published_at": "2023-04-27T21:15:10Z",
"severity": "MODERATE"
},
"details": "Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.",
"id": "GHSA-55vq-xpjf-r2xc",
"modified": "2025-09-30T18:53:16Z",
"published": "2023-04-27T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29471"
},
{
"type": "WEB",
"url": "https://github.com/akka/alpakka-kafka/issues/1592"
},
{
"type": "WEB",
"url": "https://github.com/akka/alpakka-kafka/pull/1614/commits/4011b704e93b22f6fd956aac516c7159d384644c"
},
{
"type": "WEB",
"url": "https://akka.io/security/alpakka-kafka-cve-2023-29471.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/akka/alpakka-kafka"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Lightbend Alpakka Kafka logs credentials on debug level"
}
GHSA-56R7-H6MW-RCFV
Vulnerability from github – Published: 2025-10-10 12:30 – Updated: 2025-10-11 00:13Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.elasticsearch:elasticsearch"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "8.18.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.elasticsearch:elasticsearch"
},
"ranges": [
{
"events": [
{
"introduced": "8.19.0"
},
{
"fixed": "8.19.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.elasticsearch:elasticsearch"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-beta1"
},
{
"fixed": "9.0.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.elasticsearch:elasticsearch"
},
"ranges": [
{
"events": [
{
"introduced": "9.1.0"
},
{
"fixed": "9.1.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-37727"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-11T00:13:33Z",
"nvd_published_at": "2025-10-10T10:15:34Z",
"severity": "MODERATE"
},
"details": "Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex",
"id": "GHSA-56r7-h6mw-rcfv",
"modified": "2025-10-11T00:13:33Z",
"published": "2025-10-10T12:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37727"
},
{
"type": "WEB",
"url": "https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453"
},
{
"type": "PACKAGE",
"url": "https://github.com/elastic/elasticsearch"
},
{
"type": "WEB",
"url": "https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Elasticsearch: Insertion of Sensitive Information into Log File via reindex API"
}
GHSA-574H-QGGC-9PH9
Vulnerability from github – Published: 2022-05-24 17:11 – Updated: 2022-05-24 17:11An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA.
{
"affected": [],
"aliases": [
"CVE-2019-19756"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-13T16:15:00Z",
"severity": "LOW"
},
"details": "An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA.",
"id": "GHSA-574h-qggc-9ph9",
"modified": "2022-05-24T17:11:26Z",
"published": "2022-05-24T17:11:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19756"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-29942"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5854-G45W-MW45
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:30In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
{
"affected": [],
"aliases": [
"CVE-2017-18423"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-02T16:15:00Z",
"severity": "LOW"
},
"details": "In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).",
"id": "GHSA-5854-g45w-mw45",
"modified": "2024-04-04T01:30:49Z",
"published": "2022-05-24T16:52:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18423"
},
{
"type": "WEB",
"url": "https://documentation.cpanel.net/display/CL/66+Change+Log"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-587G-JWV5-52J3
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2025-47979"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:15:42Z",
"severity": "MODERATE"
},
"details": "Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.",
"id": "GHSA-587g-jwv5-52j3",
"modified": "2025-10-14T18:30:29Z",
"published": "2025-10-14T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47979"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47979"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-587P-XC7X-RJH8
Vulnerability from github – Published: 2024-10-14 18:30 – Updated: 2024-10-14 18:30In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the _internal index. This exposure could happen if you configure the Splunk Enterprise REST_Calls log channel at the DEBUG logging level.
{
"affected": [],
"aliases": [
"CVE-2024-45738"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-14T17:15:12Z",
"severity": "MODERATE"
},
"details": "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level.",
"id": "GHSA-587p-xc7x-rjh8",
"modified": "2024-10-14T18:30:25Z",
"published": "2024-10-14T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45738"
},
{
"type": "WEB",
"url": "https://advisory.splunk.com/advisories/SVD-2024-1008"
},
{
"type": "WEB",
"url": "https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.