Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1744 vulnerabilities reference this CWE, most recent first.

GHSA-PFM2-2MHG-8WPX

Vulnerability from github – Published: 2026-04-23 14:31 – Updated: 2026-05-13 13:33
VLAI
Summary
n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests
Details

Impact

When n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust boundary (shared log storage, SIEM pipelines, support/ops access), this can result in disclosure of:

  • bearer tokens from the Authorization header
  • per-tenant API keys from the x-n8n-key header in multi-tenant setups
  • JSON-RPC request payloads sent to the MCP endpoint

Access control itself was not bypassed — unauthenticated requests were correctly rejected with 401 Unauthorized — but sensitive values from those rejected requests could still be persisted in logs.

Impact category: CWE-532 (Insertion of Sensitive Information into Log File).

Affected

Deployments running n8n-mcp v2.47.10 or earlier in HTTP transport mode (MCP_MODE=http). The stdio transport is not affected.

Patched

v2.47.11 and later.

  • npm: npx n8n-mcp@latest (or pin to >= 2.47.11)
  • Docker: docker pull ghcr.io/czlonkowski/n8n-mcp:latest

Workarounds

If users cannot upgrade immediately:

  • Restrict network access to the HTTP port (firewall, reverse proxy, or VPN) so only trusted clients can reach the endpoint.
  • Switch to stdio transport (MCP_MODE=stdio, the default for CLI invocation), which has no HTTP surface.

Credit

n8n-MCP thanks @S4nso (Organization / Jormungandr) for reporting this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n-mcp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.47.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41495"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-23T14:31:46Z",
    "nvd_published_at": "2026-05-08T20:16:30Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWhen `n8n-mcp` runs in HTTP transport mode, incoming requests to the `POST /mcp` endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust boundary (shared log storage, SIEM pipelines, support/ops access), this can result in disclosure of:\n\n- bearer tokens from the `Authorization` header\n- per-tenant API keys from the `x-n8n-key` header in multi-tenant setups\n- JSON-RPC request payloads sent to the MCP endpoint\n\nAccess control itself was not bypassed \u2014 unauthenticated requests were correctly rejected with `401 Unauthorized` \u2014 but sensitive values from those rejected requests could still be persisted in logs.\n\nImpact category: **CWE-532** (Insertion of Sensitive Information into Log File).\n\n### Affected\n\nDeployments running n8n-mcp **v2.47.10 or earlier** in HTTP transport mode (`MCP_MODE=http`). The stdio transport is not affected.\n\n### Patched\n\n**v2.47.11** and later.\n\n- npm: `npx n8n-mcp@latest` (or pin to `\u003e= 2.47.11`)\n- Docker: `docker pull ghcr.io/czlonkowski/n8n-mcp:latest`\n\n### Workarounds\n\nIf users cannot upgrade immediately:\n\n- Restrict network access to the HTTP port (firewall, reverse proxy, or VPN) so only trusted clients can reach the endpoint.\n- Switch to stdio transport (`MCP_MODE=stdio`, the default for CLI invocation), which has no HTTP surface.\n\n### Credit\n\nn8n-MCP thanks [@S4nso](https://github.com/S4nso) (Organization / Jormungandr) for reporting this issue.",
  "id": "GHSA-pfm2-2mhg-8wpx",
  "modified": "2026-05-13T13:33:57Z",
  "published": "2026-04-23T14:31:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-pfm2-2mhg-8wpx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41495"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/czlonkowski/n8n-mcp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.47.11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests"
}

GHSA-PFVH-3W7H-4375

Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-01-14 18:32
VLAI
Details

Windows Kernel Memory Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21321"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T18:15:56Z",
    "severity": "MODERATE"
  },
  "details": "Windows Kernel Memory Information Disclosure Vulnerability",
  "id": "GHSA-pfvh-3w7h-4375",
  "modified": "2025-01-14T18:32:04Z",
  "published": "2025-01-14T18:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21321"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21321"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PG5P-WWP8-97G8

Vulnerability from github – Published: 2023-04-19 18:16 – Updated: 2023-04-19 18:16
VLAI
Summary
Debug mode leaks confidential data in Cilium
Details

Impact

When run in debug mode, Cilium may log sensitive information.

In particular, Cilium running in debug mode will log the values of headers if they match HTTP network policy rules. This issue affects Cilium versions:

  • 1.7. to 1.10. inclusive
  • 1.11.* before 1.11.16
  • 1.12.* before 1.12.9
  • 1.13.* before 1.13.2

In addition, Cilium 1.12. before 1.12.9 and 1.13. before 1.13.2., when running in debug mode, might log secrets used by the Cilium agent. This includes TLS private keys for Ingress and GatewayAPI resources, depending on the configuration of the affected cluster. Output of the confidential data would occur at Cilium agent restart, when the secrets are modified, and on creation of Ingress or GatewayAPI resources.

Patches

This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2.

Workarounds

Disable debug mode.

Acknowledgements

The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @meyskens for investigating and fixing the issue.

For more information

If you have any questions or comments about this advisory, please reach out on Slack.

As usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: security@cilium.io - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7.0"
            },
            {
              "last_affected": "1.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11.0"
            },
            {
              "fixed": "1.11.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.12.0"
            },
            {
              "fixed": "1.12.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "1.13.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-29002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-19T18:16:51Z",
    "nvd_published_at": "2023-04-18T22:15:07Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nWhen run in debug mode, Cilium may log sensitive information.\n\nIn particular, Cilium running in debug mode will log the values of headers if they match HTTP network policy rules. This issue affects Cilium versions:\n\n- 1.7.* to 1.10.* inclusive\n- 1.11.* before 1.11.16\n- 1.12.* before 1.12.9\n- 1.13.* before 1.13.2\n\nIn addition, Cilium 1.12.* before 1.12.9 and 1.13.* before 1.13.2., when running in debug mode, might log secrets used by the Cilium agent. This includes TLS private keys for Ingress and GatewayAPI resources, depending on the configuration of the affected cluster. Output of the confidential data would occur at Cilium agent restart, when the secrets are modified, and on creation of Ingress or GatewayAPI resources.\n\n### Patches\n\nThis vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2.\n\n### Workarounds\nDisable debug mode.\n\n### Acknowledgements\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @meyskens for investigating and fixing the issue.\n\n### For more information\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nAs usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: [security@cilium.io](mailto:security@cilium.io) - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.\n",
  "id": "GHSA-pg5p-wwp8-97g8",
  "modified": "2023-04-19T18:16:51Z",
  "published": "2023-04-19T18:16:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29002"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cilium/cilium"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Debug mode leaks confidential data in Cilium"
}

GHSA-PGF8-2HGJ-GRQG

Vulnerability from github – Published: 2026-05-07 00:05 – Updated: 2026-05-14 20:32
VLAI
Summary
Vercel: Non-interactive mode includes CLI arguments in suggested command output
Details

Summary

When the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included verbatim in those suggestions.

Conditions

All three must be true for the token to appear in output:

  1. Token passed as a CLI argument (--token / -t). The VERCEL_TOKEN environment variable is not affected.
  2. Non-interactive mode is active (explicit flag or AI agent auto-detection).
  3. The command cannot complete on its own (e.g. missing --yes, ambiguous scope, API errors). Successful commands produce no suggestion output.

Impact

The plaintext token may be captured in CI/CD logs, agent transcripts, or other automation output.

Remediation

  • Upgrade to the patched version.
  • If developers have previously used --token with --non-interactive in their applications, review logs for exposed tokens and rotate them.
  • Prefer VERCEL_TOKEN environment variable for authentication.
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 52.0.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "vercel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "50.16.0"
            },
            {
              "fixed": "52.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44479"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T00:05:20Z",
    "nvd_published_at": "2026-05-13T16:16:58Z",
    "severity": "MODERATE"
  },
  "details": "# Summary\n\nWhen the Vercel CLI runs in non-interactive mode (`--non-interactive` or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via `--token` or `-t` on the command line, the token value is included verbatim in those suggestions.\n\n# Conditions\n\nAll three must be true for the token to appear in output:\n\n1. Token passed as a CLI argument (`--token` / `-t`). The `VERCEL_TOKEN` environment variable is **not affected**.\n2. Non-interactive mode is active (explicit flag or AI agent auto-detection).\n3. The command cannot complete on its own (e.g. missing `--yes`, ambiguous scope, API errors). Successful commands produce no suggestion output.\n\n## Impact\n\nThe plaintext token may be captured in CI/CD logs, agent transcripts, or other automation output.\n\n## Remediation\n\n- Upgrade to the patched version.\n- If developers have previously used `--token` with `--non-interactive` in their applications, review logs for exposed tokens and rotate them.\n- Prefer `VERCEL_TOKEN` environment variable for authentication.",
  "id": "GHSA-pgf8-2hgj-grqg",
  "modified": "2026-05-14T20:32:07Z",
  "published": "2026-05-07T00:05:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vercel/vercel/security/advisories/GHSA-pgf8-2hgj-grqg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44479"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vercel/vercel"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Vercel: Non-interactive mode includes CLI arguments in suggested command output"
}

GHSA-PGG6-PQ85-WXJF

Vulnerability from github – Published: 2025-01-29 21:31 – Updated: 2025-01-29 21:31
VLAI
Details

Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access.

This issue affects FLXEON through <= 9.3.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-48852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-29T19:15:18Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access.\n \n\nThis issue affects FLXEON through \u003c= 9.3.4.",
  "id": "GHSA-pgg6-pq85-wxjf",
  "modified": "2025-01-29T21:31:25Z",
  "published": "2025-01-29T21:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48852"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684\u0026LanguageCode=en\u0026DocumentPartId=PDF\u0026Action=Launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PH5J-6PCV-6W76

Vulnerability from github – Published: 2022-06-23 00:00 – Updated: 2022-06-30 00:00
VLAI
Details

A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20651"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-22T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "\n A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited.\n This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device.\n ",
  "id": "GHSA-ph5j-6pcv-6w76",
  "modified": "2022-06-30T00:00:37Z",
  "published": "2022-06-23T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20651"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-logging-jnLOY422"
    },
    {
      "type": "WEB",
      "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PH6R-2988-63R2

Vulnerability from github – Published: 2025-09-27 03:30 – Updated: 2025-09-27 03:30
VLAI
Details

IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36144"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-27T01:15:42Z",
    "severity": "LOW"
  },
  "details": "IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.",
  "id": "GHSA-ph6r-2988-63r2",
  "modified": "2025-09-27T03:30:14Z",
  "published": "2025-09-27T03:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36144"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7246267"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PHCQ-62X8-MJ46

Vulnerability from github – Published: 2023-11-22 21:31 – Updated: 2023-11-22 21:31
VLAI
Details

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25682"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-22T19:15:08Z",
    "severity": "MODERATE"
  },
  "details": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user.  IBM X-Force ID:  247034.",
  "id": "GHSA-phcq-62x8-mj46",
  "modified": "2023-11-22T21:31:07Z",
  "published": "2023-11-22T21:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25682"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247034"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7080172"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PHV5-VQ5P-QHP7

Vulnerability from github – Published: 2026-04-16 15:31 – Updated: 2026-04-24 20:52
VLAI
Summary
Apache Airflow: JWT token appearing in logs
Details

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix.

Users are recommended to upgrade to version 3.2.0, which fixes this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-31987"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-16T22:57:42Z",
    "nvd_published_at": "2026-04-16T14:16:13Z",
    "severity": "MODERATE"
  },
  "details": "JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. \nUsers are advised to upgrade to Airflow version that contains fix.\n\nUsers are recommended to upgrade to version 3.2.0, which fixes this issue.",
  "id": "GHSA-phv5-vq5p-qhp7",
  "modified": "2026-04-24T20:52:30Z",
  "published": "2026-04-16T15:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31987"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/issues/62428"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/issues/62773"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/62964"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/pvsrtxzwo9xy6xgknmwslv4zrw70kt6g"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/16/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Airflow: JWT token appearing in logs"
}

GHSA-PJ43-GPQR-FHM8

Vulnerability from github – Published: 2024-04-10 18:30 – Updated: 2026-04-28 21:34
VLAI
Details

Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31259"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T16:15:13Z",
    "severity": "HIGH"
  },
  "details": "Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.5.",
  "id": "GHSA-pj43-gpqr-fhm8",
  "modified": "2026-04-28T21:34:33Z",
  "published": "2024-04-10T18:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31259"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/searchiq/wordpress-searchiq-plugin-4-5-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.