CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1744 vulnerabilities reference this CWE, most recent first.
GHSA-MFQR-WP5F-9GJ8
Vulnerability from github – Published: 2024-09-12 15:33 – Updated: 2024-09-19 15:30Possible Insertion of Sensitive Information into Log File Vulnerability
in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.
{
"affected": [],
"aliases": [
"CVE-2021-22533"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-12T13:15:09Z",
"severity": "MODERATE"
},
"details": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000.",
"id": "GHSA-mfqr-wp5f-9gj8",
"modified": "2024-09-19T15:30:48Z",
"published": "2024-09-12T15:33:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22533"
},
{
"type": "WEB",
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MG6R-7GCG-995G
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.
{
"affected": [],
"aliases": [
"CVE-2021-1226"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-13T22:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM \u0026amp; Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.",
"id": "GHSA-mg6r-7gcg-995g",
"modified": "2022-05-24T17:39:11Z",
"published": "2022-05-24T17:39:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1226"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-logging-6QSWKRYz"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MG7R-RGFR-MMJ9
Vulnerability from github – Published: 2022-05-17 02:20 – Updated: 2022-05-17 02:20rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
{
"affected": [],
"aliases": [
"CVE-2015-3243"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-25T18:29:00Z",
"severity": "MODERATE"
},
"details": "rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.",
"id": "GHSA-mg7r-rgfr-mmj9",
"modified": "2022-05-17T02:20:39Z",
"published": "2022-05-17T02:20:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3243"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232826"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/06/18/12"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/06/20/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/75298"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032885"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MGH5-4H95-QJ4P
Vulnerability from github – Published: 2020-06-03 22:02 – Updated: 2021-07-29 17:51All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "snyk-broker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.73.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7654"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-01T19:41:28Z",
"nvd_published_at": "2020-05-29T22:15:00Z",
"severity": "HIGH"
},
"details": "All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.",
"id": "GHSA-mgh5-4h95-qj4p",
"modified": "2021-07-29T17:51:23Z",
"published": "2020-06-03T22:02:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7654"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
},
{
"type": "WEB",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Information Exposure in Snyk Broker"
}
GHSA-MGH9-332F-65F9
Vulnerability from github – Published: 2022-10-21 19:01 – Updated: 2022-10-24 19:00Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.
{
"affected": [],
"aliases": [
"CVE-2022-31239"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-21T18:15:00Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.",
"id": "GHSA-mgh9-332f-65f9",
"modified": "2022-10-24T19:00:22Z",
"published": "2022-10-21T19:01:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31239"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MH5R-54WV-3957
Vulnerability from github – Published: 2025-07-30 00:32 – Updated: 2025-11-03 21:34A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to access sensitive user data.
{
"affected": [],
"aliases": [
"CVE-2025-43225"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-30T00:15:34Z",
"severity": "MODERATE"
},
"details": "A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to access sensitive user data.",
"id": "GHSA-mh5r-54wv-3957",
"modified": "2025-11-03T21:34:14Z",
"published": "2025-07-30T00:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43225"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/124148"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/124149"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/124150"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/124151"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jul/31"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jul/32"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jul/33"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jul/34"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MH7P-2P63-76H2
Vulnerability from github – Published: 2022-05-14 01:35 – Updated: 2022-05-14 01:35The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming and outgoing text messages in binary format. In addition, the modem log contains the phone numbers for both incoming and outgoing phone calls. The system-wide logcat logs (those obtained via the logcat binary) tend to contain sensitive user data. Third-party apps are prevented from directly reading the system-wide logcat logs. The capability to read from the system-wide logcat logs is only available to pre-installed system apps and platform apps. The modem log and/or logcat log, once activated, get written to external storage (SD card). An app aware of this vulnerability can enable the logs, parse them for relevant data, and exfiltrate them from the device. The modem log and logcat log are inactive by default, but a third-party app with no permissions can activate them, although the app will need to be granted the READ_EXTERNAL_STORAGE permission to access them.
{
"affected": [],
"aliases": [
"CVE-2018-14995"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-28T21:29:00Z",
"severity": "MODERATE"
},
"details": "The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming and outgoing text messages in binary format. In addition, the modem log contains the phone numbers for both incoming and outgoing phone calls. The system-wide logcat logs (those obtained via the logcat binary) tend to contain sensitive user data. Third-party apps are prevented from directly reading the system-wide logcat logs. The capability to read from the system-wide logcat logs is only available to pre-installed system apps and platform apps. The modem log and/or logcat log, once activated, get written to external storage (SD card). An app aware of this vulnerability can enable the logs, parse them for relevant data, and exfiltrate them from the device. The modem log and logcat log are inactive by default, but a third-party app with no permissions can activate them, although the app will need to be granted the READ_EXTERNAL_STORAGE permission to access them.",
"id": "GHSA-mh7p-2p63-76h2",
"modified": "2022-05-14T01:35:49Z",
"published": "2022-05-14T01:35:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14995"
},
{
"type": "WEB",
"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018"
},
{
"type": "WEB",
"url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MHJJ-G9CV-766W
Vulnerability from github – Published: 2022-05-14 03:37 – Updated: 2022-05-14 03:37The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.
{
"affected": [],
"aliases": [
"CVE-2018-7433"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-02T20:29:00Z",
"severity": "HIGH"
},
"details": "The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.",
"id": "GHSA-mhjj-g9cv-766w",
"modified": "2022-05-14T03:37:08Z",
"published": "2022-05-14T03:37:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7433"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/better-wp-security/#developers"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MHP8-7XP2-CHW4
Vulnerability from github – Published: 2025-07-29 06:30 – Updated: 2025-07-29 06:30"SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.
{
"affected": [],
"aliases": [
"CVE-2025-53649"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-29T05:15:32Z",
"severity": "MODERATE"
},
"details": "\"SwitchBot\" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.",
"id": "GHSA-mhp8-7xp2-chw4",
"modified": "2025-07-29T06:30:21Z",
"published": "2025-07-29T06:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53649"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN59585716"
},
{
"type": "WEB",
"url": "https://www.switchbot.jp/pages/switchbot-app-vulnerability-fix202507"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MJ96-MH85-R574
Vulnerability from github – Published: 2025-07-21 19:12 – Updated: 2025-07-21 19:12Summary
Log output includes authentication token that provides full account access
Details
The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves authentication tokes for the associated steam accounts publicly available. Additionally, userdata/$user_id$/config/localconfig.vdf contains potentially sensitive information which should not be included in public logs.
PoC
Use the following workflow step
steps:
- name: Setup SteamCMD
uses: buildalon/setup-steamcmd@v1.0.4
- name: Sign into steam
shell: bash
run: |
steamcmd +login ${{ secrets.WORKSHOP_USERNAME }} ${{ secrets.WORKSHOP_PASSWORD }} +quit
Impact
Anyone who has used this workflow action with a steam account is affected and has had valid authentication tokens leaked in the job logs. This is particularly bad for public repositories, as anyone with a GitHub account can access the logs and view the token.
{
"affected": [
{
"package": {
"ecosystem": "GitHub Actions",
"name": "buildalon/setup-steamcmd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-21T19:12:48Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nLog output includes authentication token that provides full account access\n\n### Details\nThe post job action prints the contents of `config/config.vdf` which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves authentication tokes for the associated steam accounts publicly available. Additionally, `userdata/$user_id$/config/localconfig.vdf` contains potentially sensitive information which should not be included in public logs.\n\n### PoC\nUse the following workflow step\n```\nsteps:\n - name: Setup SteamCMD\n uses: buildalon/setup-steamcmd@v1.0.4\n\n - name: Sign into steam\n shell: bash\n run: |\n steamcmd +login ${{ secrets.WORKSHOP_USERNAME }} ${{ secrets.WORKSHOP_PASSWORD }} +quit\n```\n\n### Impact\nAnyone who has used this workflow action with a steam account is affected and has had valid authentication tokens leaked in the job logs. This is particularly bad for public repositories, as anyone with a GitHub account can access the logs and view the token.",
"id": "GHSA-mj96-mh85-r574",
"modified": "2025-07-21T19:12:48Z",
"published": "2025-07-21T19:12:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/buildalon/setup-steamcmd/security/advisories/GHSA-mj96-mh85-r574"
},
{
"type": "WEB",
"url": "https://github.com/buildalon/setup-steamcmd/commit/c3301963a182b14fd7a5b4991e6ae91ed39e4a5c"
},
{
"type": "PACKAGE",
"url": "https://github.com/buildalon/setup-steamcmd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "buildalon/setup-steamcmd leaked authentication token in job output logs"
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.