CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1744 vulnerabilities reference this CWE, most recent first.
GHSA-P632-5P4V-9HH3
Vulnerability from github – Published: 2022-03-08 00:00 – Updated: 2022-03-17 00:03The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses
{
"affected": [],
"aliases": [
"CVE-2021-25009"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-07T09:15:00Z",
"severity": "MODERATE"
},
"details": "The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses",
"id": "GHSA-p632-5p4v-9hh3",
"modified": "2022-03-17T00:03:03Z",
"published": "2022-03-08T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25009"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/ce2e3503-9a06-4f5c-ae0f-f40e7dfb2903"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P6MM-27GQ-9V3P
Vulnerability from github – Published: 2022-08-06 05:29 – Updated: 2022-08-06 05:29Impact
An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions.
Patches
We patched this vulnerability in v4.10.2 and v3.29.9 by moving the log for provider information to the debug level. In addition, we added a warning for having the debug: true option turned on in production and documented it here.
You have enabled the debug option. It is meant for development only, to help you catch issues in your authentication flow and you should consider removing this option when deploying to production. One way of only allowing debugging while not in production is to set debug: process.env.NODE_ENV !== "production", so you can commit this without needing to change the value.
If you want to log debug messages during production anyway, we recommend setting the logger option with proper sanitization of potentially sensitive user information.
To upgrade:
npm i next-auth@latest
# or
yarn add next-auth@latest
# or
pnpm add next-auth@latest
(This will update to the latest v4 version, but you can change latest to 3 if you want to stay on v3. This is not recommended. v3 is unmaintained.)
Workarounds
If for some reason you cannot upgrade, you can user the logger configuration option by sanitizing the logs:
// Example
import log from "your-logging-service"
export const authOptions: NextAuthOptions = {
debug: process.env.NODE_ENV !== "production",
logger: {
error: (code, metadata) => {
if (!(metadata instanceof Error) && metadata.provider) {
// redact the provider secret here
delete metadata.provider
log.error(code, metadata)
} else {
log.error(code, metadata)
}
}
},
}
References
Related documentation: - https://next-auth.js.org/warnings#debug_enabled - https://next-auth.js.org/configuration/options#logger - https://next-auth.js.org/getting-started/upgrade-v4
For more information
If you have any concerns, we request responsible disclosure, outlined here: https://next-auth.js.org/security#reporting-a-vulnerability
Timeline
The issue was reported 18th of July, a response was sent out in less than 20 minutes and after identifying the issue a patch was published within a week.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "next-auth"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.29.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "next-auth"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.10.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31186"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2022-08-06T05:29:45Z",
"nvd_published_at": "2022-08-01T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nAn information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider\u0027s secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions.\n\n### Patches\nWe patched this vulnerability in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production and documented it [here](https://next-auth.js.org/warnings#debug_enabled).\n\u003e You have enabled the debug option. It is meant for development only, to help you catch issues in your authentication flow and you should consider removing this option when deploying to production. One way of only allowing debugging while not in production is to set debug: process.env.NODE_ENV !== \"production\", so you can commit this without needing to change the value.\n\u003e \n\u003e If you want to log debug messages during production anyway, we recommend setting the [logger option](https://next-auth.js.org/configuration/options#logger) with proper sanitization of potentially sensitive user information.\n\nTo upgrade:\n\n```sh\nnpm i next-auth@latest\n# or\nyarn add next-auth@latest\n# or\npnpm add next-auth@latest\n```\n(This will update to the latest v4 version, but you can change `latest` to 3 if you want to stay on v3. This is not recommended. v3 is unmaintained.)\n\n### Workarounds\n\nIf for some reason you cannot upgrade, you can user the `logger` configuration option by sanitizing the logs:\n```ts\n// Example\nimport log from \"your-logging-service\"\nexport const authOptions: NextAuthOptions = {\n debug: process.env.NODE_ENV !== \"production\",\n logger: {\n error: (code, metadata) =\u003e {\n if (!(metadata instanceof Error) \u0026\u0026 metadata.provider) {\n // redact the provider secret here\n delete metadata.provider\n log.error(code, metadata)\n } else {\n log.error(code, metadata)\n }\n }\n },\n}\n```\n\n### References\nRelated documentation:\n- https://next-auth.js.org/warnings#debug_enabled\n- https://next-auth.js.org/configuration/options#logger \n- https://next-auth.js.org/getting-started/upgrade-v4\n\n### For more information\nIf you have any concerns, we request responsible disclosure, outlined here: https://next-auth.js.org/security#reporting-a-vulnerability\n\n### Timeline\nThe issue was reported 18th of July, a response was sent out in less than 20 minutes and after identifying the issue a patch was published within a week.",
"id": "GHSA-p6mm-27gq-9v3p",
"modified": "2022-08-06T05:29:45Z",
"published": "2022-08-06T05:29:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-p6mm-27gq-9v3p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31186"
},
{
"type": "PACKAGE",
"url": "https://github.com/nextauthjs/next-auth"
},
{
"type": "WEB",
"url": "https://next-auth.js.org/configuration/options#logger"
},
{
"type": "WEB",
"url": "https://next-auth.js.org/getting-started/upgrade-v4"
},
{
"type": "WEB",
"url": "https://next-auth.js.org/warnings#debug_enabled"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "next-auth before v4.10.2 and v3.29.9 leaks excessive information into log"
}
GHSA-P737-P57G-4CPR
Vulnerability from github – Published: 2022-03-25 19:20 – Updated: 2022-03-25 19:20Impact
What kind of vulnerability is it?
Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server.
Patches
Has the problem been patched? What versions should users upgrade to?
Upgrade to Jupyter Server version 1.15.4
For more information
If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.
Credit: @3coins for reporting. Thank you!
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "jupyter-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24757"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-25T19:20:39Z",
"nvd_published_at": "2022-03-23T21:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n_What kind of vulnerability is it?_\n\nAnytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nUpgrade to Jupyter Server version 1.15.4\n\n### For more information\n\nIf you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list [security@ipython.org](mailto:security@ipython.org).\n\nCredit: @3coins for reporting. Thank you!\n\n",
"id": "GHSA-p737-p57g-4cpr",
"modified": "2022-03-25T19:20:39Z",
"published": "2022-03-25T19:20:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24757"
},
{
"type": "WEB",
"url": "https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a"
},
{
"type": "PACKAGE",
"url": "https://github.com/jupyter-server/jupyter_server"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2022-179.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Insertion of Sensitive Information into Log File in Jupyter notebook"
}
GHSA-P77H-Q5M6-CRXC
Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-02-24 21:30An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page.
{
"affected": [],
"aliases": [
"CVE-2022-43954"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T19:15:00Z",
"severity": "MODERATE"
},
"details": "An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices\u0027 passwords in the audit log page.",
"id": "GHSA-p77h-q5m6-crxc",
"modified": "2023-02-24T21:30:17Z",
"published": "2023-02-16T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43954"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-22-430"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P7F2-6479-84WX
Vulnerability from github – Published: 2026-04-16 21:31 – Updated: 2026-04-16 21:31Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
{
"affected": [],
"aliases": [
"CVE-2025-43937"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-16T19:16:32Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.",
"id": "GHSA-p7f2-6479-84wx",
"modified": "2026-04-16T21:31:13Z",
"published": "2026-04-16T21:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43937"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P83H-G6JW-GH8F
Vulnerability from github – Published: 2025-01-03 06:32 – Updated: 2025-01-03 09:30iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.
{
"affected": [],
"aliases": [
"CVE-2025-22275"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-03T05:15:08Z",
"severity": "CRITICAL"
},
"details": "iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.",
"id": "GHSA-p83h-g6jw-gh8f",
"modified": "2025-01-03T09:30:47Z",
"published": "2025-01-03T06:32:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22275"
},
{
"type": "WEB",
"url": "https://gitlab.com/gnachman/iterm2/-/wikis/SSH-Integration-Information-Leak"
},
{
"type": "WEB",
"url": "https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog"
},
{
"type": "WEB",
"url": "https://news.ycombinator.com/item?id=42579472"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P868-FP4Q-W4HX
Vulnerability from github – Published: 2024-09-10 12:30 – Updated: 2024-09-10 12:30A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data.
{
"affected": [],
"aliases": [
"CVE-2024-42344"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T10:15:12Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users\u0027 configuration data.",
"id": "GHSA-p868-fp4q-w4hx",
"modified": "2024-09-10T12:30:38Z",
"published": "2024-09-10T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42344"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-417159.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P8RH-8MH7-W4XH
Vulnerability from github – Published: 2024-10-14 18:30 – Updated: 2024-10-14 18:30In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.
{
"affected": [],
"aliases": [
"CVE-2024-45739"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-14T17:15:12Z",
"severity": "MODERATE"
},
"details": "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.",
"id": "GHSA-p8rh-8mh7-w4xh",
"modified": "2024-10-14T18:30:25Z",
"published": "2024-10-14T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45739"
},
{
"type": "WEB",
"url": "https://advisory.splunk.com/advisories/SVD-2024-1009"
},
{
"type": "WEB",
"url": "https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P999-J4HQ-PMJ3
Vulnerability from github – Published: 2025-04-09 00:30 – Updated: 2025-04-09 00:30Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.
{
"affected": [],
"aliases": [
"CVE-2025-25013"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T23:15:45Z",
"severity": "MODERATE"
},
"details": "Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.",
"id": "GHSA-p999-j4hq-pmj3",
"modified": "2025-04-09T00:30:27Z",
"published": "2025-04-09T00:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25013"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/elastic-defend-8-17-3-security-update-esa-2025-05/376921"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PC23-4MQ4-C95V
Vulnerability from github – Published: 2026-06-02 18:31 – Updated: 2026-06-02 18:31A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of active exploitation.
This vulnerability is associated with specific installation package builds rather than the product version identifier alone. Certain versions (including 5.10.4.0, 5.11.3.0, 5.12.2.0 and 5.13.3.0) were released with both vulnerable and remediated installation packages under the same version number.
Consequently, version-based comparison alone is insufficient to determine exposure. Only installations performed using vulnerable builds are affected. Remediated builds can be distinguished using verified installation package hashes. For the complete list of fixed build hashes, refer to the security advisory section.
{
"affected": [],
"aliases": [
"CVE-2026-40619"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-02T16:16:39Z",
"severity": "HIGH"
},
"details": "A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of active exploitation.\n\nThis vulnerability is associated with specific installation package builds rather than the product version identifier alone. Certain versions (including 5.10.4.0, 5.11.3.0, 5.12.2.0 and 5.13.3.0) were released with both vulnerable and remediated installation packages under the same version number.\n\nConsequently, version-based comparison alone is insufficient to determine exposure. Only installations performed using vulnerable builds are affected. Remediated builds can be distinguished using verified installation package hashes. For the complete list of fixed build hashes, refer to the security advisory section.",
"id": "GHSA-pc23-4mq4-c95v",
"modified": "2026-06-02T18:31:31Z",
"published": "2026-06-02T18:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40619"
},
{
"type": "WEB",
"url": "https://resources.genetec.com/security-advisories/vulnerability-affecting-security-center-systems-main-server-installations"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.