Common Weakness Enumeration

CWE-778

Allowed

Insufficient Logging

Abstraction: Base · Status: Draft

When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it.

40 vulnerabilities reference this CWE, most recent first.

GHSA-9MP2-83WH-H47X

Vulnerability from github – Published: 2024-11-15 00:31 – Updated: 2024-11-15 00:31
VLAI
Details

The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-48967"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-778"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-14T22:15:17Z",
    "severity": "CRITICAL"
  },
  "details": "The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.",
  "id": "GHSA-9mp2-83wh-h47x",
  "modified": "2024-11-15T00:31:51Z",
  "published": "2024-11-15T00:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48967"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9QGV-Q4C6-MP34

Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30
VLAI
Details

HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52644"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-778"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-16T15:16:18Z",
    "severity": "MODERATE"
  },
  "details": "HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.",
  "id": "GHSA-9qgv-q4c6-mp34",
  "modified": "2026-03-16T15:30:46Z",
  "published": "2026-03-16T15:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52644"
    },
    {
      "type": "WEB",
      "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129410"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CPMJ-H4F6-R6PQ

Vulnerability from github – Published: 2026-02-09 17:19 – Updated: 2026-02-09 22:39
VLAI
Summary
Harden-Runner: Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier)
Details

Summary

A security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit.

Note: This vulnerability only affects audit mode. When using egress-policy: block, these connections are properly blocked. It requires the attacker to already have code execution capabilities within the GitHub Actions workflow (e.g., through workflow injection or compromised dependencies)

Affected Versions

  • Harden-Runner Community Tier: All versions prior to v2.14.2
  • Harden-Runner Enterprise Tier: NOT AFFECTED

Severity

Medium - This vulnerability affects audit logging capabilities but requires the attacker to already have code execution within the workflow.

Impact

When Harden-Runner is configured in audit mode (egress-policy: audit), attackers with the ability to execute arbitrary code in a workflow can: - Send outbound network traffic without generating audit logs - Bypass network monitoring for UDP-based communications

Important: This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow (e.g., through workflow injection or compromised dependencies).

Technical Details

The vulnerability stems from incomplete monitoring coverage of certain socket-related system calls. Specifically, the following system calls can be used to send UDP traffic without triggering audit events:

  • sendto()

  • sendmsg()

  • sendmmsg()

An attacker with code execution in a workflow can compile and execute native code that uses these system calls to establish covert communication channels.

Affected Users

This vulnerability ONLY affects users of the Harden-Runner Community Tier.

The Harden-Runner Enterprise Tier is NOT vulnerable to this bypass technique.

Remediation

For Community Tier Users

Upgrade to Harden-Runner v2.14.2 or later. This version includes fixes for the logging bypass vulnerability.

For Enterprise Tier Users

No action required. Enterprise tier customers are not affected by this vulnerability.

Credit

We would like to thank Devansh Batham for responsibly disclosing this vulnerability through our security reporting process. Devansh was communicative throughout the process and verified the fix before the fix before it was made public.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "GitHub Actions",
        "name": "step-security/harden-runner"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.14.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25598"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-221",
      "CWE-778",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-09T17:19:14Z",
    "nvd_published_at": "2026-02-09T20:15:58Z",
    "severity": "MODERATE"
  },
  "details": "## Summary \n\nA security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the `sendto`, `sendmsg`, and `sendmmsg` socket system calls can bypass detection and logging when using `egress-policy: audit`. \n\n**Note:** This vulnerability only affects audit mode. When using `egress-policy: block`, these connections are properly blocked. It requires the attacker to already have code execution capabilities within the GitHub Actions workflow (e.g., through workflow injection or compromised dependencies)\n\n## Affected Versions \n\n- Harden-Runner Community Tier: All versions prior to v2.14.2 \n- Harden-Runner Enterprise Tier: **NOT AFFECTED** \n\n## Severity \n\n**Medium** - This vulnerability affects audit logging capabilities but requires the attacker to already have code execution within the workflow. \n\n## Impact \n\nWhen Harden-Runner is configured in audit mode (`egress-policy: audit`), attackers with the ability to execute arbitrary code in a workflow can: \n- Send outbound network traffic without generating audit logs \n- Bypass network monitoring for UDP-based communications \n\n**Important:** This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow (e.g., through workflow injection or compromised dependencies). \n\n## Technical Details \n\nThe vulnerability stems from incomplete monitoring coverage of certain socket-related system calls. Specifically, the following system calls can be used to send UDP traffic without triggering audit events: \n\n- `sendto()` \n\n- `sendmsg()` \n\n- `sendmmsg()` \n\nAn attacker with code execution in a workflow can compile and execute native code that uses these system calls to establish covert communication channels. \n\n## Affected Users \n\n**This vulnerability ONLY affects users of the Harden-Runner Community Tier.** \n\nThe Harden-Runner Enterprise Tier is **NOT vulnerable** to this bypass technique. \n\n## Remediation \n\n### For Community Tier Users \n \n**Upgrade to Harden-Runner v2.14.2 or later.** This version includes fixes for the logging bypass vulnerability. \n\n### For Enterprise Tier Users \n\nNo action required. Enterprise tier customers are not affected by this vulnerability. \n\n## Credit \n\nWe would like to thank [Devansh Batham](https://github.com/devanshbatham) for responsibly disclosing this vulnerability through our security reporting process. Devansh was communicative throughout the process and verified the fix before the fix before it was made public.",
  "id": "GHSA-cpmj-h4f6-r6pq",
  "modified": "2026-02-09T22:39:28Z",
  "published": "2026-02-09T17:19:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/step-security/harden-runner/security/advisories/GHSA-cpmj-h4f6-r6pq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25598"
    },
    {
      "type": "WEB",
      "url": "https://github.com/step-security/harden-runner/commit/5ef0c079ce82195b2a36a210272d6b661572d83e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/step-security/harden-runner"
    },
    {
      "type": "WEB",
      "url": "https://github.com/step-security/harden-runner/releases/tag/v2.14.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Harden-Runner: Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier)"
}

GHSA-FP5M-4MQH-849P

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-02-12 11:28
VLAI
Summary
Magento 2 Community Edition Insufficient Logging
Details

An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes. As per the Magento Release 2.3.3, if you have already implemented the pre-release version of this patch (2.3.2-p1), it is highly recommended to promptly upgrade to 2.3.2-p2.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-8123"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-778"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-18T18:04:23Z",
    "nvd_published_at": "2019-11-05T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes.\nAs per [the Magento Release 2.3.3](https://web.archive.org/web/20201126132230/https://devdocs.magento.com/guides/v2.3/release-notes/release-notes-2-3-3-commerce.html#new-security-only-patch-available), if you have already implemented the pre-release version of this patch (2.3.2-p1), it is highly recommended to promptly upgrade to 2.3.2-p2.",
  "id": "GHSA-fp5m-4mqh-849p",
  "modified": "2024-02-12T11:28:05Z",
  "published": "2022-05-24T17:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8123"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ce/CVE-2019-8123.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ee/CVE-2019-8123.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8123.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/magento/magento2"
    },
    {
      "type": "WEB",
      "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20211209030216/https://magento.com/security/patches/supee-11219"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Magento 2 Community Edition Insufficient Logging"
}

GHSA-GFP8-MP24-5VXG

Vulnerability from github – Published: 2026-05-21 20:43 – Updated: 2026-05-21 20:43
VLAI
Summary
@hulumi/baseline: CloudTrail selector tampering events were not fully detected
Details

Impact: @hulumi/baseline versions before 1.3.2 could miss some CloudTrail event-selector tampering evidence, reducing coverage for changes to audit logging configuration.

Patched in 1.3.2: detection coverage and regression tests were expanded.

Remediation: upgrade @hulumi/baseline to 1.3.2 or later and rerun affected previews/checks.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@hulumi/baseline"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-778"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-21T20:43:27Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Impact: @hulumi/baseline versions before 1.3.2 could miss some CloudTrail event-selector tampering evidence, reducing coverage for changes to audit logging configuration.\n\nPatched in 1.3.2: detection coverage and regression tests were expanded.\n\nRemediation: upgrade @hulumi/baseline to 1.3.2 or later and rerun affected previews/checks.",
  "id": "GHSA-gfp8-mp24-5vxg",
  "modified": "2026-05-21T20:43:27Z",
  "published": "2026-05-21T20:43:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kerberosmansour/hulumi/security/advisories/GHSA-gfp8-mp24-5vxg"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kerberosmansour/hulumi"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "@hulumi/baseline: CloudTrail selector tampering events were not fully detected"
}

GHSA-H5FG-9M4R-VRCJ

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-08 15:31
VLAI
Details

Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-778"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T14:16:31Z",
    "severity": "LOW"
  },
  "details": "Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.",
  "id": "GHSA-h5fg-9m4r-vrcj",
  "modified": "2026-05-08T15:31:21Z",
  "published": "2026-05-08T15:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32803"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000461228/dsa-2026-172-security-update-for-dell-powerscale-onefs-insufficient-logging-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JJQJ-C2CJ-F4JP

Vulnerability from github – Published: 2023-08-29 03:30 – Updated: 2024-04-04 07:15
VLAI
Details

Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1995"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-778"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-29T02:15:07Z",
    "severity": "HIGH"
  },
  "details": "Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.\n\n",
  "id": "GHSA-jjqj-c2cj-f4jp",
  "modified": "2024-04-04T07:15:02Z",
  "published": "2023-08-29T03:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1995"
    },
    {
      "type": "WEB",
      "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-133/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MF3H-4JJH-89FR

Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2024-01-09 12:30
VLAI
Details

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-778"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-10T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log.",
  "id": "GHSA-mf3h-4jjh-89fr",
  "modified": "2024-01-09T12:30:35Z",
  "published": "2022-05-24T17:10:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19295"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJ62-83C4-V29P

Vulnerability from github – Published: 2026-01-22 21:33 – Updated: 2026-01-22 21:33
VLAI
Details

Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22279"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-778"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-22T19:15:56Z",
    "severity": "MODERATE"
  },
  "details": "Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering.",
  "id": "GHSA-qj62-83c4-v29p",
  "modified": "2026-01-22T21:33:47Z",
  "published": "2026-01-22T21:33:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22279"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000415586/dsa-2026-049-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QMJM-438J-W485

Vulnerability from github – Published: 2026-03-03 21:31 – Updated: 2026-03-16 18:32
VLAI
Details

In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3494"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-778"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-03T20:16:50Z",
    "severity": "MODERATE"
  },
  "details": "In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged.",
  "id": "GHSA-qmjm-438j-w485",
  "modified": "2026-03-16T18:32:03Z",
  "published": "2026-03-03T21:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3494"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MariaDB/server/commit/635559a2ad68a5a6d1a354e8209c58323dba0261"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aws/audit-plugin-for-mysql/commit/01e25a5cb1073f131eea774c06c8a056b1e4b2ff"
    },
    {
      "type": "WEB",
      "url": "https://aws.amazon.com/security/security-bulletins/2026-006-AWS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design

Use a centralized logging mechanism that supports multiple levels of detail.

Mitigation
Implementation

Ensure that all security-related successes and failures can be logged. When storing data in the cloud (e.g., AWS S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to enable and capture detailed logging information.

Mitigation
Operation

Be sure to set the level of logging appropriately in a production environment. Sufficient data should be logged to enable system administrators to detect attacks, diagnose errors, and recover from attacks. At the same time, logging too much data (CWE-779) can cause the same problems, including unexpected costs when using a cloud environment.

Mitigation
Operation

To enable storage logging using Azure's Portal, navigate to the name of the Storage Account, locate Monitoring (CLASSIC) section, and select Diagnostic settings (classic). For each of the various properties (blob, file, table, queue), ensure the status is properly set for the desired logging data. If using PowerShell, the Set-AzStorageServiceLoggingProperty command could be called using appropriate -ServiceType, -LoggingOperations, and -RetentionDays arguments.

No CAPEC attack patterns related to this CWE.