CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1744 vulnerabilities reference this CWE, most recent first.
GHSA-Q77Q-33V2-M8HR
Vulnerability from github – Published: 2024-07-31 18:32 – Updated: 2024-07-31 18:32A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.
{
"affected": [],
"aliases": [
"CVE-2024-6977"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-31T17:15:11Z",
"severity": "MODERATE"
},
"details": "A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker\u0027s system.This issue affects SDP Client: before 5.10.34.",
"id": "GHSA-q77q-33v2-m8hr",
"modified": "2024-07-31T18:32:01Z",
"published": "2024-07-31T18:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6977"
},
{
"type": "WEB",
"url": "https://support.catonetworks.com/hc/en-us/articles/19766795729437-CVE-2024-6977-Windows-SDP-Client-Sensitive-data-in-trace-logs-can-lead-to-account-takeover"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q87W-HJGF-6VFW
Vulnerability from github – Published: 2024-01-29 12:30 – Updated: 2024-01-29 12:30Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
{
"affected": [],
"aliases": [
"CVE-2024-23791"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-29T10:15:08Z",
"severity": "MODERATE"
},
"details": "Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n",
"id": "GHSA-q87w-hjgf-6vfw",
"modified": "2024-01-29T12:30:20Z",
"published": "2024-01-29T12:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23791"
},
{
"type": "WEB",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q8CJ-789H-VG24
Vulnerability from github – Published: 2026-05-28 17:52 – Updated: 2026-05-28 17:52Impact
OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source authentication material and rotate it as appropriate.
Patches
This is fixed in OpenBao v2.5.4.
Resources
https://github.com/openbao/openbao/issues/3074
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.5.3"
},
"package": {
"ecosystem": "Go",
"name": "github.com/openbao/openbao"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46358"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-28T17:52:43Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nOpenBao\u0027s inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source authentication material and rotate it as appropriate.\n\n### Patches\n\nThis is fixed in OpenBao v2.5.4.\n\n### Resources\n\nhttps://github.com/openbao/openbao/issues/3074",
"id": "GHSA-q8cj-789h-vg24",
"modified": "2026-05-28T17:52:43Z",
"published": "2026-05-28T17:52:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openbao/openbao/security/advisories/GHSA-q8cj-789h-vg24"
},
{
"type": "WEB",
"url": "https://github.com/openbao/openbao/issues/3074"
},
{
"type": "WEB",
"url": "https://github.com/openbao/openbao/pull/3076"
},
{
"type": "WEB",
"url": "https://github.com/openbao/openbao/commit/131c6966af4dfb4e1906703436eecdb8f2a3e9df"
},
{
"type": "PACKAGE",
"url": "https://github.com/openbao/openbao"
},
{
"type": "WEB",
"url": "https://github.com/openbao/openbao/releases/tag/v2.5.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenBao\u0027s Inline Auth Incorrectly Redacted Headers"
}
GHSA-Q8P7-W3VH-WG45
Vulnerability from github – Published: 2022-05-14 01:35 – Updated: 2022-05-14 01:35The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user. When an app sets the persist.service.logr.enable system property to a value of 1, an app with a package name of com.yulong.logredirect (versionCode=20160622, versionName=5.25_20160622_01) will start writing the system-wide logcat log, kernel log, and a tcpdump network traffic capture to external storage. Furthermore, on the Coolpad Canvas device, the com.android.phone app writes the destination phone number and body of the text message for outgoing text messages. A notification when logging can be avoided if the log is enabled after device startup and disabled prior to device shutdown by setting the system properties using the exported interface of the com.qualcomm.qti.modemtestmode app. Any app with the READ_EXTERNAL_STORAGE permission can access the log files.
{
"affected": [],
"aliases": [
"CVE-2018-15004"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-28T21:29:00Z",
"severity": "MODERATE"
},
"details": "The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user. When an app sets the persist.service.logr.enable system property to a value of 1, an app with a package name of com.yulong.logredirect (versionCode=20160622, versionName=5.25_20160622_01) will start writing the system-wide logcat log, kernel log, and a tcpdump network traffic capture to external storage. Furthermore, on the Coolpad Canvas device, the com.android.phone app writes the destination phone number and body of the text message for outgoing text messages. A notification when logging can be avoided if the log is enabled after device startup and disabled prior to device shutdown by setting the system properties using the exported interface of the com.qualcomm.qti.modemtestmode app. Any app with the READ_EXTERNAL_STORAGE permission can access the log files.",
"id": "GHSA-q8p7-w3vh-wg45",
"modified": "2022-05-14T01:35:49Z",
"published": "2022-05-14T01:35:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15004"
},
{
"type": "WEB",
"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018"
},
{
"type": "WEB",
"url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q9V8-HHCR-3G53
Vulnerability from github – Published: 2022-06-16 00:00 – Updated: 2025-01-02 21:31Windows Desired State Configuration (DSC) Information Disclosure Vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-30148"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-15T22:15:00Z",
"severity": "MODERATE"
},
"details": "Windows Desired State Configuration (DSC) Information Disclosure Vulnerability.",
"id": "GHSA-q9v8-hhcr-3g53",
"modified": "2025-01-02T21:31:37Z",
"published": "2022-06-16T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30148"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30148"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30148"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QCJ3-H27M-MP9X
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2024-10-07 21:32In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "octavia"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "octavia"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0.0b1"
},
{
"fixed": "3.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-16856"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-29T11:08:44Z",
"nvd_published_at": "2019-03-26T18:29:00Z",
"severity": "HIGH"
},
"details": "In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.",
"id": "GHSA-qcj3-h27m-mp9x",
"modified": "2024-10-07T21:32:17Z",
"published": "2022-05-13T01:07:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16856"
},
{
"type": "WEB",
"url": "https://github.com/openstack/octavia/commit/ae7c87f54a6c5483a608d5e9fe51ea1966ea1f7e"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/octavia"
},
{
"type": "WEB",
"url": "https://github.com/openstack/octavia/commits/3.1.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/octavia/PYSEC-2019-193.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Openstack Octavia allows Insertion of Sensitive Information into Log File"
}
GHSA-QCM2-HCG7-GMV8
Vulnerability from github – Published: 2022-07-21 00:00 – Updated: 2022-07-28 00:00In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
{
"affected": [],
"aliases": [
"CVE-2022-36321"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-20T13:15:00Z",
"severity": "MODERATE"
},
"details": "In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases",
"id": "GHSA-qcm2-hcg7-gmv8",
"modified": "2022-07-28T00:00:40Z",
"published": "2022-07-21T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36321"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QF5X-JV3X-595J
Vulnerability from github – Published: 2026-03-03 21:31 – Updated: 2026-03-03 21:31IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file.
{
"affected": [],
"aliases": [
"CVE-2026-1265"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-03T20:16:45Z",
"severity": "MODERATE"
},
"details": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file.",
"id": "GHSA-qf5x-jv3x-595j",
"modified": "2026-03-03T21:31:16Z",
"published": "2026-03-03T21:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1265"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7259627"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QF6H-WR49-RV76
Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-28 00:00A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs.
{
"affected": [],
"aliases": [
"CVE-2022-32217"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-23T19:15:00Z",
"severity": "MODERATE"
},
"details": "A cleartext storage of sensitive information exists in Rocket.Chat \u003cv4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs.",
"id": "GHSA-qf6h-wr49-rv76",
"modified": "2022-09-28T00:00:24Z",
"published": "2022-09-25T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32217"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1394399"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QG95-6496-M556
Vulnerability from github – Published: 2023-12-12 03:31 – Updated: 2023-12-14 18:30Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication.
{
"affected": [],
"aliases": [
"CVE-2023-36649"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-12T01:15:10Z",
"severity": "CRITICAL"
},
"details": "Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication.",
"id": "GHSA-qg95-6496-m556",
"modified": "2023-12-14T18:30:19Z",
"published": "2023-12-12T03:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36649"
},
{
"type": "WEB",
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36649"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.