CWE-778
AllowedInsufficient Logging
Abstraction: Base · Status: Draft
When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it.
40 vulnerabilities reference this CWE, most recent first.
GHSA-9MP2-83WH-H47X
Vulnerability from github – Published: 2024-11-15 00:31 – Updated: 2024-11-15 00:31The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.
{
"affected": [],
"aliases": [
"CVE-2024-48967"
],
"database_specific": {
"cwe_ids": [
"CWE-778"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-14T22:15:17Z",
"severity": "CRITICAL"
},
"details": "The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.",
"id": "GHSA-9mp2-83wh-h47x",
"modified": "2024-11-15T00:31:51Z",
"published": "2024-11-15T00:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48967"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9QGV-Q4C6-MP34
Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.
{
"affected": [],
"aliases": [
"CVE-2025-52644"
],
"database_specific": {
"cwe_ids": [
"CWE-778"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-16T15:16:18Z",
"severity": "MODERATE"
},
"details": "HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.",
"id": "GHSA-9qgv-q4c6-mp34",
"modified": "2026-03-16T15:30:46Z",
"published": "2026-03-16T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52644"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129410"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CPMJ-H4F6-R6PQ
Vulnerability from github – Published: 2026-02-09 17:19 – Updated: 2026-02-09 22:39Summary
A security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit.
Note: This vulnerability only affects audit mode. When using egress-policy: block, these connections are properly blocked. It requires the attacker to already have code execution capabilities within the GitHub Actions workflow (e.g., through workflow injection or compromised dependencies)
Affected Versions
- Harden-Runner Community Tier: All versions prior to v2.14.2
- Harden-Runner Enterprise Tier: NOT AFFECTED
Severity
Medium - This vulnerability affects audit logging capabilities but requires the attacker to already have code execution within the workflow.
Impact
When Harden-Runner is configured in audit mode (egress-policy: audit), attackers with the ability to execute arbitrary code in a workflow can:
- Send outbound network traffic without generating audit logs
- Bypass network monitoring for UDP-based communications
Important: This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow (e.g., through workflow injection or compromised dependencies).
Technical Details
The vulnerability stems from incomplete monitoring coverage of certain socket-related system calls. Specifically, the following system calls can be used to send UDP traffic without triggering audit events:
-
sendto() -
sendmsg() -
sendmmsg()
An attacker with code execution in a workflow can compile and execute native code that uses these system calls to establish covert communication channels.
Affected Users
This vulnerability ONLY affects users of the Harden-Runner Community Tier.
The Harden-Runner Enterprise Tier is NOT vulnerable to this bypass technique.
Remediation
For Community Tier Users
Upgrade to Harden-Runner v2.14.2 or later. This version includes fixes for the logging bypass vulnerability.
For Enterprise Tier Users
No action required. Enterprise tier customers are not affected by this vulnerability.
Credit
We would like to thank Devansh Batham for responsibly disclosing this vulnerability through our security reporting process. Devansh was communicative throughout the process and verified the fix before the fix before it was made public.
{
"affected": [
{
"package": {
"ecosystem": "GitHub Actions",
"name": "step-security/harden-runner"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.14.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25598"
],
"database_specific": {
"cwe_ids": [
"CWE-221",
"CWE-778",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-09T17:19:14Z",
"nvd_published_at": "2026-02-09T20:15:58Z",
"severity": "MODERATE"
},
"details": "## Summary \n\nA security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the `sendto`, `sendmsg`, and `sendmmsg` socket system calls can bypass detection and logging when using `egress-policy: audit`. \n\n**Note:** This vulnerability only affects audit mode. When using `egress-policy: block`, these connections are properly blocked. It requires the attacker to already have code execution capabilities within the GitHub Actions workflow (e.g., through workflow injection or compromised dependencies)\n\n## Affected Versions \n\n- Harden-Runner Community Tier: All versions prior to v2.14.2 \n- Harden-Runner Enterprise Tier: **NOT AFFECTED** \n\n## Severity \n\n**Medium** - This vulnerability affects audit logging capabilities but requires the attacker to already have code execution within the workflow. \n\n## Impact \n\nWhen Harden-Runner is configured in audit mode (`egress-policy: audit`), attackers with the ability to execute arbitrary code in a workflow can: \n- Send outbound network traffic without generating audit logs \n- Bypass network monitoring for UDP-based communications \n\n**Important:** This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow (e.g., through workflow injection or compromised dependencies). \n\n## Technical Details \n\nThe vulnerability stems from incomplete monitoring coverage of certain socket-related system calls. Specifically, the following system calls can be used to send UDP traffic without triggering audit events: \n\n- `sendto()` \n\n- `sendmsg()` \n\n- `sendmmsg()` \n\nAn attacker with code execution in a workflow can compile and execute native code that uses these system calls to establish covert communication channels. \n\n## Affected Users \n\n**This vulnerability ONLY affects users of the Harden-Runner Community Tier.** \n\nThe Harden-Runner Enterprise Tier is **NOT vulnerable** to this bypass technique. \n\n## Remediation \n\n### For Community Tier Users \n \n**Upgrade to Harden-Runner v2.14.2 or later.** This version includes fixes for the logging bypass vulnerability. \n\n### For Enterprise Tier Users \n\nNo action required. Enterprise tier customers are not affected by this vulnerability. \n\n## Credit \n\nWe would like to thank [Devansh Batham](https://github.com/devanshbatham) for responsibly disclosing this vulnerability through our security reporting process. Devansh was communicative throughout the process and verified the fix before the fix before it was made public.",
"id": "GHSA-cpmj-h4f6-r6pq",
"modified": "2026-02-09T22:39:28Z",
"published": "2026-02-09T17:19:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/step-security/harden-runner/security/advisories/GHSA-cpmj-h4f6-r6pq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25598"
},
{
"type": "WEB",
"url": "https://github.com/step-security/harden-runner/commit/5ef0c079ce82195b2a36a210272d6b661572d83e"
},
{
"type": "PACKAGE",
"url": "https://github.com/step-security/harden-runner"
},
{
"type": "WEB",
"url": "https://github.com/step-security/harden-runner/releases/tag/v2.14.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Harden-Runner: Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier)"
}
GHSA-FP5M-4MQH-849P
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-02-12 11:28An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes. As per the Magento Release 2.3.3, if you have already implemented the pre-release version of this patch (2.3.2-p1), it is highly recommended to promptly upgrade to 2.3.2-p2.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.19"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-8123"
],
"database_specific": {
"cwe_ids": [
"CWE-778"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-18T18:04:23Z",
"nvd_published_at": "2019-11-05T23:15:00Z",
"severity": "MODERATE"
},
"details": "An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes.\nAs per [the Magento Release 2.3.3](https://web.archive.org/web/20201126132230/https://devdocs.magento.com/guides/v2.3/release-notes/release-notes-2-3-3-commerce.html#new-security-only-patch-available), if you have already implemented the pre-release version of this patch (2.3.2-p1), it is highly recommended to promptly upgrade to 2.3.2-p2.",
"id": "GHSA-fp5m-4mqh-849p",
"modified": "2024-02-12T11:28:05Z",
"published": "2022-05-24T17:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8123"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ce/CVE-2019-8123.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ee/CVE-2019-8123.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8123.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/magento/magento2"
},
{
"type": "WEB",
"url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20211209030216/https://magento.com/security/patches/supee-11219"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Magento 2 Community Edition Insufficient Logging"
}
GHSA-GFP8-MP24-5VXG
Vulnerability from github – Published: 2026-05-21 20:43 – Updated: 2026-05-21 20:43Impact: @hulumi/baseline versions before 1.3.2 could miss some CloudTrail event-selector tampering evidence, reducing coverage for changes to audit logging configuration.
Patched in 1.3.2: detection coverage and regression tests were expanded.
Remediation: upgrade @hulumi/baseline to 1.3.2 or later and rerun affected previews/checks.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@hulumi/baseline"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-778"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-21T20:43:27Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Impact: @hulumi/baseline versions before 1.3.2 could miss some CloudTrail event-selector tampering evidence, reducing coverage for changes to audit logging configuration.\n\nPatched in 1.3.2: detection coverage and regression tests were expanded.\n\nRemediation: upgrade @hulumi/baseline to 1.3.2 or later and rerun affected previews/checks.",
"id": "GHSA-gfp8-mp24-5vxg",
"modified": "2026-05-21T20:43:27Z",
"published": "2026-05-21T20:43:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/kerberosmansour/hulumi/security/advisories/GHSA-gfp8-mp24-5vxg"
},
{
"type": "PACKAGE",
"url": "https://github.com/kerberosmansour/hulumi"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "@hulumi/baseline: CloudTrail selector tampering events were not fully detected"
}
GHSA-H5FG-9M4R-VRCJ
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-08 15:31Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
{
"affected": [],
"aliases": [
"CVE-2026-32803"
],
"database_specific": {
"cwe_ids": [
"CWE-778"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T14:16:31Z",
"severity": "LOW"
},
"details": "Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.",
"id": "GHSA-h5fg-9m4r-vrcj",
"modified": "2026-05-08T15:31:21Z",
"published": "2026-05-08T15:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32803"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000461228/dsa-2026-172-security-update-for-dell-powerscale-onefs-insufficient-logging-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JJQJ-C2CJ-F4JP
Vulnerability from github – Published: 2023-08-29 03:30 – Updated: 2024-04-04 07:15Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.
{
"affected": [],
"aliases": [
"CVE-2023-1995"
],
"database_specific": {
"cwe_ids": [
"CWE-778"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-29T02:15:07Z",
"severity": "HIGH"
},
"details": "Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.\n\n",
"id": "GHSA-jjqj-c2cj-f4jp",
"modified": "2024-04-04T07:15:02Z",
"published": "2023-08-29T03:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1995"
},
{
"type": "WEB",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-133/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MF3H-4JJH-89FR
Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2024-01-09 12:30A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log.
{
"affected": [],
"aliases": [
"CVE-2019-19295"
],
"database_specific": {
"cwe_ids": [
"CWE-778"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-10T20:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log.",
"id": "GHSA-mf3h-4jjh-89fr",
"modified": "2024-01-09T12:30:35Z",
"published": "2022-05-24T17:10:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19295"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QJ62-83C4-V29P
Vulnerability from github – Published: 2026-01-22 21:33 – Updated: 2026-01-22 21:33Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
{
"affected": [],
"aliases": [
"CVE-2026-22279"
],
"database_specific": {
"cwe_ids": [
"CWE-778"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-22T19:15:56Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering.",
"id": "GHSA-qj62-83c4-v29p",
"modified": "2026-01-22T21:33:47Z",
"published": "2026-01-22T21:33:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22279"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000415586/dsa-2026-049-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QMJM-438J-W485
Vulnerability from github – Published: 2026-03-03 21:31 – Updated: 2026-03-16 18:32In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.
{
"affected": [],
"aliases": [
"CVE-2026-3494"
],
"database_specific": {
"cwe_ids": [
"CWE-778"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-03T20:16:50Z",
"severity": "MODERATE"
},
"details": "In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged.",
"id": "GHSA-qmjm-438j-w485",
"modified": "2026-03-16T18:32:03Z",
"published": "2026-03-03T21:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3494"
},
{
"type": "WEB",
"url": "https://github.com/MariaDB/server/commit/635559a2ad68a5a6d1a354e8209c58323dba0261"
},
{
"type": "WEB",
"url": "https://github.com/aws/audit-plugin-for-mysql/commit/01e25a5cb1073f131eea774c06c8a056b1e4b2ff"
},
{
"type": "WEB",
"url": "https://aws.amazon.com/security/security-bulletins/2026-006-AWS"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Use a centralized logging mechanism that supports multiple levels of detail.
Mitigation
Ensure that all security-related successes and failures can be logged. When storing data in the cloud (e.g., AWS S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to enable and capture detailed logging information.
Mitigation
Be sure to set the level of logging appropriately in a production environment. Sufficient data should be logged to enable system administrators to detect attacks, diagnose errors, and recover from attacks. At the same time, logging too much data (CWE-779) can cause the same problems, including unexpected costs when using a cloud environment.
Mitigation
To enable storage logging using Azure's Portal, navigate to the name of the Storage Account, locate Monitoring (CLASSIC) section, and select Diagnostic settings (classic). For each of the various properties (blob, file, table, queue), ensure the status is properly set for the desired logging data. If using PowerShell, the Set-AzStorageServiceLoggingProperty command could be called using appropriate -ServiceType, -LoggingOperations, and -RetentionDays arguments.
No CAPEC attack patterns related to this CWE.