CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1744 vulnerabilities reference this CWE, most recent first.
GHSA-M5QR-352X-8XH6
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:30cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).
{
"affected": [],
"aliases": [
"CVE-2017-18426"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-02T16:15:00Z",
"severity": "MODERATE"
},
"details": "cPanel before 66.0.2 allows resellers to read other accounts\u0027 domain log files (SEC-288).",
"id": "GHSA-m5qr-352x-8xh6",
"modified": "2024-04-04T01:30:54Z",
"published": "2022-05-24T16:52:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18426"
},
{
"type": "WEB",
"url": "https://documentation.cpanel.net/display/CL/66+Change+Log"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M5R4-QHX5-2G4C
Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-01 15:30The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776
{
"affected": [],
"aliases": [
"CVE-2022-20458"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-26T21:15:00Z",
"severity": "MODERATE"
},
"details": "The logs of sensitive information (PII) or hardware identifier should only be printed in Android \"userdebug\" or \"eng\" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user\u0027s account name (i.e. PII), in Android \"user\" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776",
"id": "GHSA-m5r4-qhx5-2g4c",
"modified": "2023-02-01T15:30:20Z",
"published": "2023-01-26T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20458"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/aaos/2023-01-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M664-MXMW-5947
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11Dell EMC PowerScale OneFS versions 8.2.x and 9.1.0.x contain an insertion of sensitive information into log files vulnerability. This means a malicious actor with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges can access privileged information.
{
"affected": [],
"aliases": [
"CVE-2021-36278"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-16T22:15:00Z",
"severity": "MODERATE"
},
"details": "Dell EMC PowerScale OneFS versions 8.2.x and 9.1.0.x contain an insertion of sensitive information into log files vulnerability. This means a malicious actor with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges can access privileged information.",
"id": "GHSA-m664-mxmw-5947",
"modified": "2022-05-24T19:11:27Z",
"published": "2022-05-24T19:11:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36278"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/000190408"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M67C-WPPJ-7MM2
Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2024-04-04 08:29An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs.
{
"affected": [],
"aliases": [
"CVE-2023-25604"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-10T17:15:11Z",
"severity": "MODERATE"
},
"details": "An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs.",
"id": "GHSA-m67c-wppj-7mm2",
"modified": "2024-04-04T08:29:53Z",
"published": "2023-10-10T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25604"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-23-052"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M67G-87RX-V42C
Vulnerability from github – Published: 2026-05-28 18:30 – Updated: 2026-07-02 17:30When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map (stdinData) at INFO level to /var/log/calico/cni/cni.log on every CNI ADD and DEL invocation — once per pod scheduled or terminated on the node. When the cluster is deployed using token-based Kubernetes authentication, this log entry contains the ServiceAccount token, client key, and certificate authority in plaintext. Any principal with read access to /var/log/calico/cni/cni.log on a node can read these logs and extract the credentials, which grant cluster-wide Calico networking admin privileges.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/projectcalico/calico"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "3.31.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/projectcalico/calico"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.0-cni-plugin.0.20260417001138-cd73bc2cea0f"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41185"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-02T17:30:20Z",
"nvd_published_at": "2026-05-28T17:16:22Z",
"severity": "MODERATE"
},
"details": "When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map (stdinData) at INFO level to /var/log/calico/cni/cni.log on every CNI ADD and DEL invocation \u2014 once per pod scheduled or terminated on the node. When the cluster is deployed using token-based Kubernetes authentication, this log entry contains the ServiceAccount token, client key, and certificate authority in plaintext. Any principal with read access to /var/log/calico/cni/cni.log on a node\u00a0 can read these logs and extract the credentials, which grant cluster-wide Calico networking admin privileges.",
"id": "GHSA-m67g-87rx-v42c",
"modified": "2026-07-02T17:30:20Z",
"published": "2026-05-28T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41185"
},
{
"type": "WEB",
"url": "https://github.com/projectcalico/calico/pull/12502"
},
{
"type": "WEB",
"url": "https://github.com/projectcalico/calico/pull/12526"
},
{
"type": "WEB",
"url": "https://github.com/projectcalico/calico/pull/12527"
},
{
"type": "WEB",
"url": "https://github.com/projectcalico/calico/commit/0ca653db0ae7400ea9fb066daa7f45c902482271"
},
{
"type": "WEB",
"url": "https://github.com/projectcalico/calico/commit/cd73bc2cea0f4989772f2deb93909e7cfac927e0"
},
{
"type": "WEB",
"url": "https://github.com/projectcalico/calico/commit/da9ea3a13927a35e4022b787d17a005b2157d812"
},
{
"type": "PACKAGE",
"url": "https://github.com/projectcalico/calico"
},
{
"type": "WEB",
"url": "https://www.tigera.io/security-bulletins/tta-2026-002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L",
"type": "CVSS_V4"
}
],
"summary": "Calico Inserts Sensitive Information into Log File"
}
GHSA-M755-M8M9-Q8V4
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2023-01-24 21:30CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account.
{
"affected": [],
"aliases": [
"CVE-2019-14782"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-17T16:15:00Z",
"severity": "MODERATE"
},
"details": "CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim\u0027s session file name from the /tmp directory, and the victim\u0027s token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim\u0027s password (for the OS and phpMyAdmin) via an attacker account.",
"id": "GHSA-m755-m8m9-q8v4",
"modified": "2023-01-24T21:30:34Z",
"published": "2022-05-24T17:03:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14782"
},
{
"type": "WEB",
"url": "https://centos-webpanel.com/changelog-cwp7"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/155676/Control-Web-Panel-0.9.8.864-phpMyAdmin-Password-Disclosure.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M757-P8RV-4Q93
Vulnerability from github – Published: 2024-03-06 15:31 – Updated: 2025-02-13 19:09In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.linkis:linkis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-50740"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-06T17:07:09Z",
"nvd_published_at": "2024-03-06T14:15:47Z",
"severity": "MODERATE"
},
"details": "In Apache Linkis \u003c=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module.\u00a0\nWe recommend users upgrade the version of Linkis to version 1.5.0",
"id": "GHSA-m757-p8rv-4q93",
"modified": "2025-02-13T19:09:14Z",
"published": "2024-03-06T15:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50740"
},
{
"type": "WEB",
"url": "https://github.com/apache/linkis/commit/08cbcfca140afebae10e1582ee87721578719ded"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/linkis"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/5o342chnpyd6rps68ygzfkzycxl998yo"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged"
}
GHSA-M833-87VF-576C
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2023-08-18 21:25ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.ovirt.engine.sdk:ovirt-engine-sdk-java"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.7.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-15113"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-25T22:33:08Z",
"nvd_published_at": "2018-07-27T16:29:00Z",
"severity": "MODERATE"
},
"details": "ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.",
"id": "GHSA-m833-87vf-576c",
"modified": "2023-08-18T21:25:10Z",
"published": "2022-05-13T01:37:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15113"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHEA-2017:3138"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113"
},
{
"type": "WEB",
"url": "https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commitdiff;h=f4a5d0cc772127dbfe40789e26c4633ceea07d14;hp=e6e8704ac9eb115624ff66e2965877d8e63a45f4"
},
{
"type": "PACKAGE",
"url": "https://github.com/oVirt/ovirt-engine"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210124121521/https://www.securityfocus.com/bid/101933"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "ovirt-engine Logs Plaintext Passwords To File",
"withdrawn": "2023-08-18T21:25:10Z"
}
GHSA-M87F-39Q9-6F55
Vulnerability from github – Published: 2022-04-05 17:47 – Updated: 2022-04-05 17:47Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server.
Upgrade to notebook version 6.4.10
For more information
If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.
Credit: @3coins for reporting. Thank you!
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "notebook"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.4.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24758"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-05T17:47:26Z",
"nvd_published_at": "2022-03-31T23:15:00Z",
"severity": "HIGH"
},
"details": "Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server.\n\nUpgrade to notebook version 6.4.10\n\n### For more information\n\nIf you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list [security@ipython.org](mailto:security@ipython.org).\n\nCredit: @3coins for reporting. Thank you!\n\n",
"id": "GHSA-m87f-39q9-6f55",
"modified": "2022-04-05T17:47:26Z",
"published": "2022-04-05T17:47:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24758"
},
{
"type": "PACKAGE",
"url": "https://github.com/jupyter/notebook"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2022-180.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Sensitive Auth \u0026 Cookie data stored in Jupyter server logs"
}
GHSA-M88W-QCR5-CQ82
Vulnerability from github – Published: 2024-07-22 15:32 – Updated: 2024-07-22 15:32In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases
{
"affected": [],
"aliases": [
"CVE-2024-41824"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-22T15:15:04Z",
"severity": "MODERATE"
},
"details": "In JetBrains TeamCity before 2024.07 parameters of the \"password\" type could leak into the build log in some specific cases",
"id": "GHSA-m88w-qcr5-cq82",
"modified": "2024-07-22T15:32:42Z",
"published": "2024-07-22T15:32:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41824"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.