CWE-532
Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
CVE-2025-6392 (GCVE-0-2025-6392)
Vulnerability from cvelistv5 – Published: 2025-07-10 21:14 – Updated: 2025-07-11 16:51
VLAI
Title
Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392)
Summary
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Broadcom | Brocade SANnav |
Affected:
Brocade SANnav versions before 2.4.0a
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6392",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T16:51:21.311613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T16:51:45.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Brocade SANnav",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "Brocade SANnav versions before 2.4.0a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eBrocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM\u2019s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM\u2019s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T21:14:15.748Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35910"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2025-6392",
"datePublished": "2025-07-10T21:14:15.748Z",
"dateReserved": "2025-06-20T03:43:47.511Z",
"dateUpdated": "2025-07-11T16:51:45.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-64650 (GCVE-0-2025-64650)
Vulnerability from cvelistv5 – Published: 2025-12-08 21:51 – Updated: 2025-12-09 16:05
VLAI
Title
IBM Storage Defender - Resiliency Service Information Disclosure
Summary
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7253864 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Storage Defender - Resiliency Service |
Affected:
2.0.0 , ≤ 2.0.18
(semver)
cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0.18:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T15:24:30.342972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T16:05:20.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0.18:*:*:*:*:*:*:*"
],
"product": "Storage Defender - Resiliency Service",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.18",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.\u003c/p\u003e"
}
],
"value": "IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T21:51:04.843Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7253864"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes The Connection Manager included with Defender 2.1.0 and newer provides the fixes. If using a version of the Connection Manager obtained from Defender 2.0.0 - 2.0.18, IBM strongly recommends upgrading. Instructions for upgrading can be found here .\u003c/p\u003e"
}
],
"value": "Remediation/Fixes The Connection Manager included with Defender 2.1.0 and newer provides the fixes. If using a version of the Connection Manager obtained from Defender 2.0.0 - 2.0.18, IBM strongly recommends upgrading. Instructions for upgrading can be found here ."
}
],
"title": "IBM Storage Defender - Resiliency Service Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-64650",
"datePublished": "2025-12-08T21:51:04.843Z",
"dateReserved": "2025-11-06T20:07:37.492Z",
"dateUpdated": "2025-12-09T16:05:20.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6587 (GCVE-0-2025-6587)
Vulnerability from cvelistv5 – Published: 2025-07-03 10:03 – Updated: 2026-02-26 18:27
VLAI
Title
Exposure of system environment variables in Docker Desktop diagnostic logs
Summary
System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.
A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Docker | Docker Desktop |
Affected:
0 , < 4.43.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-04T03:55:31.391658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:27:56.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS",
"Linux"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.43.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.\u0026nbsp;\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.\u00a0\nA malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T10:13:53.570Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Exposure of system environment variables in Docker Desktop diagnostic logs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2025-6587",
"datePublished": "2025-07-03T10:03:27.155Z",
"dateReserved": "2025-06-24T20:47:44.847Z",
"dateUpdated": "2026-02-26T18:27:56.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66236 (GCVE-0-2025-66236)
Vulnerability from cvelistv5 – Published: 2026-04-13 14:20 – Updated: 2026-04-15 20:03
VLAI
Title
Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI
Summary
Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow's intentions and security model of Airflow did not suggest different assumptions. The overall security model [1], workload isolation [2], and JWT authentication details [3] are now described in more detail. Users concerned with role isolation and following the Airflow security model of Airflow are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. It also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. This had also been communicated via Airflow 3.2.0 Blog announcement [4].
[1] Security Model: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html
[2] Workload isolation: https://airflow.apache.org/docs/apache-airflow/stable/security/workload.html
[3] JWT Token authentication: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html
[4] Airflow 3.2.0 Blog announcement: https://airflow.apache.org/blog/airflow-3.2.0/
Users are recommended to upgrade to version 3.2.0, which fixes this issue.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Affected:
3.0.0 , < 3.2.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-13T16:26:55.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/13/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T19:20:26.164642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T20:03:37.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.python.org",
"defaultStatus": "unaffected",
"packageName": "apache-airflow",
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.2.0",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Saurabh Banawar"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Amogh Desai"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBefore Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow\u0027s intentions and security model of Airflow did not suggest different assumptions. The overall security model [1], workload isolation [2], and JWT authentication details [3] are now described in more detail. Users concerned with role isolation and following the Airflow security model of Airflow are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. It also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. This had also been communicated via Airflow 3.2.0 Blog announcement [4].\u003c/p\u003e\u003cblockquote\u003e\u003cp\u003e[1] Security Model: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html\"\u003ehttps://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html\u003c/a\u003e\u003cbr\u003e[2] Workload isolation: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://airflow.apache.org/docs/apache-airflow/stable/security/workload.html\"\u003ehttps://airflow.apache.org/docs/apache-airflow/stable/security/workload.html\u003c/a\u003e\u003cbr\u003e[3] JWT Token authentication: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html\"\u003ehttps://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html\u003c/a\u003e\u003cbr\u003e[4] Airflow 3.2.0 Blog announcement: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://airflow.apache.org/blog/airflow-3.2.0/\"\u003ehttps://airflow.apache.org/blog/airflow-3.2.0/\u003c/a\u003e\u003c/p\u003e\u003c/blockquote\u003e\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to version 3.2.0, which fixes this issue."
}
],
"value": "Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow\u0027s intentions and security model of Airflow did not suggest different assumptions. The overall security model [1], workload isolation [2], and JWT authentication details [3] are now described in more detail. Users concerned with role isolation and following the Airflow security model of Airflow are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. It also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. This had also been communicated via Airflow 3.2.0 Blog announcement [4].\n\n[1] Security Model: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html \n[2] Workload isolation: https://airflow.apache.org/docs/apache-airflow/stable/security/workload.html \n[3] JWT Token authentication: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html \n[4] Airflow 3.2.0 Blog announcement: https://airflow.apache.org/blog/airflow-3.2.0/ \n\n\n\nUsers are recommended to upgrade to version 3.2.0, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:20:37.180Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/airflow/pull/58662"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/g8fyy1tkmxkkfk7tx2v6h8mvwzpyykbo"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-66236",
"datePublished": "2026-04-13T14:20:37.180Z",
"dateReserved": "2025-11-25T16:03:35.709Z",
"dateUpdated": "2026-04-15T20:03:37.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66411 (GCVE-0-2025-66411)
Vulnerability from cvelistv5 – Published: 2025-12-03 19:25 – Updated: 2025-12-03 21:42
VLAI
Title
Coder logged sensitive objects unsanitized
Summary
Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system (SIEM, logging stack) could access those logs. This vulnerability is fixed in 2.26.5, 2.27.7, and 2.28.4.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/coder/coder/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/coder/coder/commit/e2a46393fce… | x_refsource_MISC |
| https://github.com/coder/coder/releases/tag/v2.26.5 | x_refsource_MISC |
| https://github.com/coder/coder/releases/tag/v2.27.7 | x_refsource_MISC |
| https://github.com/coder/coder/releases/tag/v2.28.4 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:41:56.452426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:42:17.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coder",
"vendor": "coder",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.28.0, \u003c 2.28.4"
},
{
"status": "affected",
"version": "\u003e= 2.27.0, \u003c 2.27.7"
},
{
"status": "affected",
"version": "\u003c 2.26.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system (SIEM, logging stack) could access those logs. This vulnerability is fixed in 2.26.5, 2.27.7, and 2.28.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:25:24.207Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coder/coder/security/advisories/GHSA-jf75-p25m-pw74",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coder/coder/security/advisories/GHSA-jf75-p25m-pw74"
},
{
"name": "https://github.com/coder/coder/commit/e2a46393fce40bc630df3293c1ee66a596277289",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/commit/e2a46393fce40bc630df3293c1ee66a596277289"
},
{
"name": "https://github.com/coder/coder/releases/tag/v2.26.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/releases/tag/v2.26.5"
},
{
"name": "https://github.com/coder/coder/releases/tag/v2.27.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/releases/tag/v2.27.7"
},
{
"name": "https://github.com/coder/coder/releases/tag/v2.28.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coder/coder/releases/tag/v2.28.4"
}
],
"source": {
"advisory": "GHSA-jf75-p25m-pw74",
"discovery": "UNKNOWN"
},
"title": "Coder logged sensitive objects unsanitized"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66411",
"datePublished": "2025-12-03T19:25:24.207Z",
"dateReserved": "2025-11-28T23:33:56.366Z",
"dateUpdated": "2025-12-03T21:42:17.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6711 (GCVE-0-2025-6711)
Vulnerability from cvelistv5 – Published: 2025-07-07 14:42 – Updated: 2025-07-07 14:58
VLAI
Title
Incomplete Redaction of Sensitive Information in MongoDB Server Logs
Summary
An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v6.0 versions prior to 6.0.21.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc | MongoDB Server |
Affected:
6.0 , < 6.0.21
(custom)
Affected: 7.0 , < 7.0.18 (custom) Affected: 8.0 , < 8.0.5 (custom) cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.19:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:6.0.20:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.16:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:7.0.17:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:8.0.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongodb:8.0.4:*:*:*:*:*:*:* |
Date Public
2025-07-07 14:40
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T14:56:14.136564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T14:58:08.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.19:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:6.0.20:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:8.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:8.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:8.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:mongodb:8.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MongoDB Server",
"vendor": "MongoDB Inc",
"versions": [
{
"lessThan": "6.0.21",
"status": "affected",
"version": "6.0",
"versionType": "custom"
},
{
"lessThan": "7.0.18",
"status": "affected",
"version": "7.0",
"versionType": "custom"
},
{
"lessThan": "8.0.5",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-07-07T14:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v6.0 versions prior to 6.0.21.\u003c/p\u003e"
}
],
"value": "An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v6.0 versions prior to 6.0.21."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T14:42:16.562Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"url": "https://jira.mongodb.org/browse/SERVER-98720"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incomplete Redaction of Sensitive Information in MongoDB Server Logs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2025-6711",
"datePublished": "2025-07-07T14:42:16.562Z",
"dateReserved": "2025-06-26T11:44:16.283Z",
"dateUpdated": "2025-07-07T14:58:08.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-68675 (GCVE-0-2025-68675)
Vulnerability from cvelistv5 – Published: 2026-01-16 10:23 – Updated: 2026-02-24 05:48
VLAI
Title
Apache Airflow: proxy credentials for various providers might leak in task logs
Summary
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.
Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Affected:
3.0.0 , < 3.1.6
(semver)
Affected: 0 , < 2.11.1 (semver) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-16T11:08:28.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/15/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-68675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T16:05:54.218461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T16:06:50.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.python.org",
"defaultStatus": "unaffected",
"packageName": "apache-airflow",
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.1.6",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "2.11.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "lwlkr https://github.com/kwkr"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Ankit Chaurasia"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue"
}
],
"value": "In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.\n\nUsers are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue"
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T05:48:05.537Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/airflow/pull/59688"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Airflow: proxy credentials for various providers might leak in task logs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-68675",
"datePublished": "2026-01-16T10:23:25.946Z",
"dateReserved": "2025-12-23T12:02:52.278Z",
"dateUpdated": "2026-02-24T05:48:05.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68919 (GCVE-0-2025-68919)
Vulnerability from cvelistv5 – Published: 2025-12-24 21:01 – Updated: 2025-12-24 21:29
VLAI
Summary
Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and availability.
Severity
5.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fujitsu / Fsas Technologies | ETERNUS SF ACM/SC/Express |
Affected:
0 , < 16.8-16.9.1 PA 2025-12
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T21:29:06.430013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T21:29:13.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ETERNUS SF ACM/SC/Express",
"vendor": "Fujitsu / Fsas Technologies",
"versions": [
{
"lessThan": "16.8-16.9.1 PA 2025-12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T21:06:55.729Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-STR-2025-111413-Security-Notice.pdf"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-68919",
"datePublished": "2025-12-24T21:01:44.380Z",
"dateReserved": "2025-12-24T21:01:44.123Z",
"dateUpdated": "2025-12-24T21:29:13.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7371 (GCVE-0-2025-7371)
Vulnerability from cvelistv5 – Published: 2025-07-22 15:49 – Updated: 2025-07-22 19:21
VLAI
Summary
Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You are affected by this vulnerability if the following preconditions are met: Local server running OPP agent with versions >=2.2.1 and <= 2.3.0, and User account has had an administrator-initiated password reset while using the affected versions.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.okta.com/oie/en-us/content/topics/se… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Okta | Okta On-Premises Provisioning Agent |
Affected:
2.2.1 , < 2.3.1
(semver)
|
Date Public
2025-07-22 15:45
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T19:20:52.253359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T19:21:01.131Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Okta On-Premises Provisioning Agent",
"vendor": "Okta",
"versions": [
{
"lessThan": "2.3.1",
"status": "affected",
"version": "2.2.1",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-07-22T15:45:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You are affected by this vulnerability if the following preconditions are met: Local server running OPP agent with versions \u003e=2.2.1 and \u003c= 2.3.0, and User account has had an administrator-initiated password reset while using the affected versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T15:54:09.005Z",
"orgId": "59b22baa-87b2-4371-8e4a-e080df12f74a",
"shortName": "Okta"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://help.okta.com/oie/en-us/content/topics/settings/version_histories/ver_history_opp_agent.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade the OPP agent to version 2.3.1 or higher."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "59b22baa-87b2-4371-8e4a-e080df12f74a",
"assignerShortName": "Okta",
"cveId": "CVE-2025-7371",
"datePublished": "2025-07-22T15:49:06.579Z",
"dateReserved": "2025-07-08T21:45:15.341Z",
"dateUpdated": "2025-07-22T19:21:01.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7426 (GCVE-0-2025-7426)
Vulnerability from cvelistv5 – Published: 2025-08-25 08:52 – Updated: 2025-08-25 13:47
VLAI
Title
MINOVA TTA Information Disclosure and Credential Exposure
Summary
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse. Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.minova.de/de/tta.html | product |
| https://www.cryptron.ch/en/blog-detail/security-a… | technical-descriptionthird-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MINOVA Information Services GmbH | TTA |
Affected:
11.17.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7426",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T13:47:32.941835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T13:47:36.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.html"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"ch.minova.nservice"
],
"platforms": [
"Windows"
],
"product": "TTA",
"vendor": "MINOVA Information Services GmbH",
"versions": [
{
"status": "affected",
"version": "11.17.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stefan Mettler, Senior Penetration Tester from CRYPTRON Security GmbH"
},
{
"lang": "en",
"type": "coordinator",
"value": "Jasmin Frei, Senior Project Manager from CRYPTRON Security GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.\u0026nbsp; Debug ports\u0026nbsp;1602,\u0026nbsp;1603 and\u0026nbsp;1636 also expose service architecture information and\u0026nbsp;system activity logs"
}
],
"value": "Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.\u00a0 Debug ports\u00a01602,\u00a01603 and\u00a01636 also expose service architecture information and\u00a0system activity logs"
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
},
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
},
{
"capecId": "CAPEC-155",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-155 Screen Temporary Files for Sensitive Information"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T08:52:47.797Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.minova.de/de/tta.html"
},
{
"tags": [
"technical-description",
"third-party-advisory"
],
"url": "https://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSecurity patch for all MINOVA TTA releases in progress.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Security patch for all MINOVA TTA releases in progress."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-05-08T22:00:00.000Z",
"value": "First contact with the vendor - no response"
},
{
"lang": "en",
"time": "2025-05-25T22:00:00.000Z",
"value": "Second mail to the vendor - no response"
},
{
"lang": "en",
"time": "2025-06-19T22:00:00.000Z",
"value": "Third mail to the vendor and response received on the same day"
},
{
"lang": "en",
"time": "2025-06-22T22:00:00.000Z",
"value": "Exchange of the security report to the vendor"
},
{
"lang": "en",
"time": "2025-07-07T22:00:00.000Z",
"value": "Confirmation of the vulnerability by the vendor"
},
{
"lang": "en",
"time": "2025-08-25T09:59:00.000Z",
"value": "Planned public disclosure (CVE publication)"
}
],
"title": "MINOVA TTA Information Disclosure and Credential Exposure",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDisable the output of debug information with sensitive content for the Minova TTA services on port/tcp 1602, 1603,\u0026nbsp;1604, 1636.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Disable the output of debug information with sensitive content for the Minova TTA services on port/tcp 1602, 1603,\u00a01604, 1636."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2025-7426",
"datePublished": "2025-08-25T08:52:47.797Z",
"dateReserved": "2025-07-10T09:22:44.017Z",
"dateUpdated": "2025-08-25T13:47:36.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Phase: Distribution
Description:
- Remove debug log files before deploying the application into production.
Mitigation
Phase: Operation
Description:
- Protect log files against unauthorized read/write.
Mitigation
Phase: Implementation
Description:
- Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.