CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1744 vulnerabilities reference this CWE, most recent first.
GHSA-WV9P-64PJ-GQ2G
Vulnerability from github – Published: 2023-10-26 03:30 – Updated: 2023-11-03 18:30An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.
{
"affected": [],
"aliases": [
"CVE-2023-46667"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-26T01:15:07Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Fleet Server \u003e= v8.10.0 and \u003c v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.",
"id": "GHSA-wv9p-64pj-gq2g",
"modified": "2023-11-03T18:30:23Z",
"published": "2023-10-26T03:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46667"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
},
{
"type": "WEB",
"url": "https://www.elastic.co/community/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WVFH-RJ9M-FPC6
Vulnerability from github – Published: 2025-03-27 15:31 – Updated: 2025-03-27 15:31IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1
stores potentially sensitive authentication token information in log files that could be read by a local user.
{
"affected": [],
"aliases": [
"CVE-2025-1998"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T15:15:54Z",
"severity": "MODERATE"
},
"details": "IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\nstores potentially sensitive authentication token information in log files that could be read by a local user.",
"id": "GHSA-wvfh-rj9m-fpc6",
"modified": "2025-03-27T15:31:10Z",
"published": "2025-03-27T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1998"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7229034"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WW6P-8HPV-P4MC
Vulnerability from github – Published: 2022-11-04 12:00 – Updated: 2022-11-04 19:01Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user.
{
"affected": [],
"aliases": [
"CVE-2021-44862"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-03T20:15:00Z",
"severity": "HIGH"
},
"details": "Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user.",
"id": "GHSA-ww6p-8hpv-p4mc",
"modified": "2022-11-04T19:01:16Z",
"published": "2022-11-04T12:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44862"
},
{
"type": "WEB",
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2022-001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WW6W-VMF9-9RG3
Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-01-14 18:32Windows Kernel Memory Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-21320"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T18:15:56Z",
"severity": "MODERATE"
},
"details": "Windows Kernel Memory Information Disclosure Vulnerability",
"id": "GHSA-ww6w-vmf9-9rg3",
"modified": "2025-01-14T18:32:04Z",
"published": "2025-01-14T18:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21320"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21320"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WWGX-94V6-FC2P
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-12-12 17:00An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. As of version 1.16, the plugin no longer logs the ssh-add invocation that would reveal the passphrase.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.15"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:ssh-agent"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1999036"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-12T17:00:02Z",
"nvd_published_at": "2018-08-01T13:29:00Z",
"severity": "LOW"
},
"details": "An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. As of version 1.16, the plugin no longer logs the ssh-add invocation that would reveal the passphrase.\n\n",
"id": "GHSA-wwgx-94v6-fc2p",
"modified": "2022-12-12T17:00:02Z",
"published": "2022-05-13T01:50:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999036"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/ssh-agent-plugin/commit/3a8abe1889d25f9a73cdba202cf27212b273de4d"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/ssh-agent-plugin"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log"
}
GHSA-WX2H-56XM-3293
Vulnerability from github – Published: 2022-03-09 00:00 – Updated: 2022-03-17 00:02A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.
{
"affected": [],
"aliases": [
"CVE-2021-41543"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-08T12:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.",
"id": "GHSA-wx2h-56xm-3293",
"modified": "2022-03-17T00:02:49Z",
"published": "2022-03-09T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41543"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WXC6-2XQR-Q2PG
Vulnerability from github – Published: 2022-11-25 06:30 – Updated: 2025-04-25 18:31In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.
{
"affected": [],
"aliases": [
"CVE-2022-2721"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-25T05:15:00Z",
"severity": "HIGH"
},
"details": "In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.",
"id": "GHSA-wxc6-2xqr-q2pg",
"modified": "2025-04-25T18:31:01Z",
"published": "2022-11-25T06:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2721"
},
{
"type": "WEB",
"url": "https://advisories.octopus.com/post/2022/sa2022-24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WXCR-9P2R-C64C
Vulnerability from github – Published: 2022-05-14 01:10 – Updated: 2022-05-14 01:10In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.
{
"affected": [],
"aliases": [
"CVE-2017-6139"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-21T17:29:00Z",
"severity": "MODERATE"
},
"details": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.",
"id": "GHSA-wxcr-9p2r-c64c",
"modified": "2022-05-14T01:10:43Z",
"published": "2022-05-14T01:10:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6139"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K45432295"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106186"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040055"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X3GJ-R7R3-V6VJ
Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.
{
"affected": [],
"aliases": [
"CVE-2018-2372"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-14T12:29:00Z",
"severity": "MODERATE"
},
"details": "A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.",
"id": "GHSA-x3gj-r7r3-v6vj",
"modified": "2022-05-13T01:19:57Z",
"published": "2022-05-13T01:19:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-2372"
},
{
"type": "WEB",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/2589129"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X3PH-R68G-GGHQ
Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-05-24 17:13An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.
{
"affected": [],
"aliases": [
"CVE-2020-1987"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-08T19:15:00Z",
"severity": "LOW"
},
"details": "An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to \"Dump\". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.",
"id": "GHSA-x3ph-r68g-gghq",
"modified": "2022-05-24T17:13:53Z",
"published": "2022-05-24T17:13:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1987"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2020-1987"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.