Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1744 vulnerabilities reference this CWE, most recent first.

GHSA-QGMM-F2QW-R95F

Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2024-04-22 23:11
VLAI
Summary
Keycloak leaks sensitive information in logged exceptions
Details

A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-1698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-22T23:11:33Z",
    "nvd_published_at": "2020-05-11T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.",
  "id": "GHSA-qgmm-f2qw-r95f",
  "modified": "2024-04-22T23:11:33Z",
  "published": "2022-05-24T17:17:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1698"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/pull/6751"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak leaks sensitive information in logged exceptions"
}

GHSA-QGVX-32F8-PQ66

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2023-01-31 21:30
VLAI
Details

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-4299"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-01T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.",
  "id": "GHSA-qgvx-32f8-pq66",
  "modified": "2023-01-31T21:30:17Z",
  "published": "2022-05-24T16:49:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-4299"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160765"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10884842"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QGWP-X6H8-QX34

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-11T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.",
  "id": "GHSA-qgwp-x6h8-qx34",
  "modified": "2022-05-24T19:05:06Z",
  "published": "2022-05-24T19:05:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25423"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QH9X-MC42-VG4G

Vulnerability from github – Published: 2022-05-14 03:32 – Updated: 2024-11-18 16:26
VLAI
Summary
django-anymail Includes Sensitive Information in Log Files
Details

Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your Django error reports, an attacker could discover your ANYMAIL_WEBHOOK setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app. This vulnerability appears to have been fixed in v1.4.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "django-anymail"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.2"
            },
            {
              "fixed": "1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1000089"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-27T21:33:52Z",
    "nvd_published_at": "2018-03-13T15:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your Django error reports, an attacker could discover your ANYMAIL_WEBHOOK setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app. This vulnerability appears to have been fixed in v1.4.",
  "id": "GHSA-qh9x-mc42-vg4g",
  "modified": "2024-11-18T16:26:21Z",
  "published": "2022-05-14T03:32:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000089"
    },
    {
      "type": "WEB",
      "url": "https://github.com/anymail/django-anymail/commit/1a6086f2b58478d71f89bf27eb034ed81aefe5ef"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-qh9x-mc42-vg4g"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/anymail/django-anymail"
    },
    {
      "type": "WEB",
      "url": "https://github.com/anymail/django-anymail/releases/tag/v1.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-anymail/PYSEC-2018-46.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "django-anymail Includes Sensitive Information in Log Files"
}

GHSA-QHQ8-VG87-FPM2

Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46
VLAI
Details

An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-23924"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-01T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.",
  "id": "GHSA-qhq8-vg87-fpm2",
  "modified": "2022-05-24T17:46:25Z",
  "published": "2022-05-24T17:46:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23924"
    },
    {
      "type": "WEB",
      "url": "https://devolutions.net/security/advisories/devo-2021-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QJ23-W8JM-W8WV

Vulnerability from github – Published: 2025-07-03 12:34 – Updated: 2025-07-03 12:34
VLAI
Details

System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.  A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6587"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-03T10:15:37Z",
    "severity": "MODERATE"
  },
  "details": "System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.\u00a0\nA malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.",
  "id": "GHSA-qj23-w8jm-w8wv",
  "modified": "2025-07-03T12:34:56Z",
  "published": "2025-07-03T12:34:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6587"
    },
    {
      "type": "WEB",
      "url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QJ3C-9P7W-6V83

Vulnerability from github – Published: 2025-04-22 06:30 – Updated: 2025-04-22 06:30
VLAI
Details

Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2300"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-22T05:15:30Z",
    "severity": "MODERATE"
  },
  "details": "Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability.\nThis issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.",
  "id": "GHSA-qj3c-9p7w-6v83",
  "modified": "2025-04-22T06:30:29Z",
  "published": "2025-04-22T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2300"
    },
    {
      "type": "WEB",
      "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-112/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJ6W-VQH8-3WWG

Vulnerability from github – Published: 2023-02-03 18:30 – Updated: 2023-02-10 03:30
VLAI
Details

Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36544"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-03T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.",
  "id": "GHSA-qj6w-vqh8-3wwg",
  "modified": "2023-02-10T03:30:20Z",
  "published": "2023-02-03T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36544"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/happy_source/tpcms/issues/I3YNWY"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJQ5-4C8Q-X94F

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06
VLAI
Details

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-29759"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-07T17:15:00Z",
    "severity": "LOW"
  },
  "details": "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.",
  "id": "GHSA-qjq5-4c8q-x94f",
  "modified": "2022-05-24T19:06:58Z",
  "published": "2022-05-24T19:06:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29759"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202212"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6469449"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QJQG-4WG7-957H

Vulnerability from github – Published: 2024-05-15 03:30 – Updated: 2025-02-13 18:59
VLAI
Summary
azure-file-csi-driver leaks service account tokens in the logs
Details

A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.29.3"
      },
      "package": {
        "ecosystem": "Go",
        "name": "sigs.k8s.io/azurefile-csi-driver"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.29.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "sigs.k8s.io/azurefile-csi-driver"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.30.0"
            },
            {
              "fixed": "1.30.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.30.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-3744"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T17:16:58Z",
    "nvd_published_at": "2024-05-15T01:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag.",
  "id": "GHSA-qjqg-4wg7-957h",
  "modified": "2025-02-13T18:59:21Z",
  "published": "2024-05-15T03:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3744"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/124759"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes-sigs/azurefile-csi-driver/commit/a1b7446de942136419f07394efeef804523f87ae"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes-sigs/azurefile-csi-driver/commit/e11ff3dc2c03894cde692213308f9991e7bbd5bf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubernetes-sigs/azurefile-csi-driver"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/hcgZE2MQo1A/m/Y4C6q-CYAgAJ"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/05/09/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "azure-file-csi-driver leaks service account tokens in the logs"
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.