CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1743 vulnerabilities reference this CWE, most recent first.
GHSA-V6V8-XJ6M-XWQH
Vulnerability from github – Published: 2024-06-24 18:31 – Updated: 2024-06-26 19:31go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/go-retryablehttp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-6104"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-24T21:32:07Z",
"nvd_published_at": "2024-06-24T17:15:11Z",
"severity": "MODERATE"
},
"details": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.",
"id": "GHSA-v6v8-xj6m-xwqh",
"modified": "2024-06-26T19:31:28Z",
"published": "2024-06-24T18:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/c/security"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-v6v8-xj6m-xwqh"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/go-retryablehttp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "go-retryablehttp can leak basic auth credentials to log files"
}
GHSA-V725-XJ67-9V99
Vulnerability from github – Published: 2023-10-17 12:30 – Updated: 2024-04-04 08:42Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged.
{
"affected": [],
"aliases": [
"CVE-2023-5339"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-17T10:15:10Z",
"severity": "MODERATE"
},
"details": "Mattermost Desktop\u00a0fails to set an appropriate log level during initial run after fresh installation\u00a0resulting in logging all keystrokes\u00a0including password entry\u00a0being logged.\u00a0\n\n",
"id": "GHSA-v725-xj67-9v99",
"modified": "2024-04-04T08:42:55Z",
"published": "2023-10-17T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5339"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V735-2PP6-H86R
Vulnerability from github – Published: 2022-05-14 01:14 – Updated: 2024-09-04 19:38Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0a1"
},
{
"fixed": "2.7.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0a1"
},
{
"fixed": "2.6.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-16859"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-22T22:07:45Z",
"nvd_published_at": "2018-11-29T18:29:00Z",
"severity": "MODERATE"
},
"details": "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for \u0027become\u0027 passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.",
"id": "GHSA-v735-2pp6-h86r",
"modified": "2024-09-04T19:38:45Z",
"published": "2022-05-14T01:14:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16859"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/pull/49142"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/0d746b4198abf84290a093b83cf02b4203d73d9f"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/2f8d3fcf41107efafc14d51ab6e14531ca8f8c87"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/4d748d34f9392aa469da00a85c8e2d5fe6cec52b"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3770"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3771"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3772"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3773"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859"
},
{
"type": "PACKAGE",
"url": "https://github.com/ansible/ansible"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/blob/v2.5.13/changelogs/CHANGELOG-v2.5.rst"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-60.yaml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227102121/http://www.securityfocus.com/bid/106004"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Ansible Logs Passwords If PowerShell ScriptBlock is Enabled"
}
GHSA-V75G-77VF-6JJQ
Vulnerability from github – Published: 2025-05-30 20:01 – Updated: 2025-06-03 01:10CWE ID: CWE-532 (Insertion of Sensitive Information into Log File) CVSS: 7.5 (High) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Component: Para Server Initialization Logging
Version: Para v1.50.6
File Path: para-1.50.6/para-server/src/main/java/com/erudika/para/server/utils/HealthUtils.java
Vulnerable Line(s): Line 132 (via logger.info(...) with root credentials)
Technical Details:
The vulnerability is located in the HealthUtils.java file, where a failed configuration file write triggers the following logging statement:
logger.info("Initialized root app with access key '{}' and secret '{}', but could not write these to {}.",
rootAppCredentials.get("accessKey"),
rootAppCredentials.get("secretKey"),
confFile);
This exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.erudika:para-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.50.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-48955"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-30T20:01:10Z",
"nvd_published_at": "2025-06-02T12:15:25Z",
"severity": "MODERATE"
},
"details": "CWE ID: CWE-532 (Insertion of Sensitive Information into Log File)\nCVSS: 7.5 (High)\nVector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n\n**Affected Component:** Para Server Initialization Logging\n**Version:** Para v1.50.6\n**File Path:** `para-1.50.6/para-server/src/main/java/com/erudika/para/server/utils/HealthUtils.java`\n**Vulnerable Line(s):** Line 132 (via `logger.info(...)` with root credentials)\n\nTechnical Details:\n\nThe vulnerability is located in the HealthUtils.java file, where a failed configuration file write triggers the following logging statement:\n```java\nlogger.info(\"Initialized root app with access key \u0027{}\u0027 and secret \u0027{}\u0027, but could not write these to {}.\",\n rootAppCredentials.get(\"accessKey\"),\n rootAppCredentials.get(\"secretKey\"),\n confFile);\n```\nThis exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes.",
"id": "GHSA-v75g-77vf-6jjq",
"modified": "2025-06-03T01:10:53Z",
"published": "2025-05-30T20:01:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Erudika/para/security/advisories/GHSA-v75g-77vf-6jjq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48955"
},
{
"type": "WEB",
"url": "https://github.com/Erudika/para/commit/1e8a89558542854bb0683ab234c4429ad93b0835"
},
{
"type": "PACKAGE",
"url": "https://github.com/Erudika/para"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Para Server Logs Sensitive Information"
}
GHSA-V8WF-H34R-55F7
Vulnerability from github – Published: 2026-02-18 18:30 – Updated: 2026-02-20 15:31In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk _internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor Authentication for Splunk Enterprise, in plain text.
{
"affected": [],
"aliases": [
"CVE-2026-20138"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-18T18:24:23Z",
"severity": "MODERATE"
},
"details": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the `integrationKey`, `secretKey`, and `appSecretKey` secrets, generated by [Duo Two-Factor Authentication for Splunk Enterprise](https://duo.com/docs/splunk), in plain text.",
"id": "GHSA-v8wf-h34r-55f7",
"modified": "2026-02-20T15:31:00Z",
"published": "2026-02-18T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20138"
},
{
"type": "WEB",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0203"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V92J-H587-3VV3
Vulnerability from github – Published: 2022-10-17 19:00 – Updated: 2022-10-20 19:00Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1
{
"affected": [],
"aliases": [
"CVE-2022-3293"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-17T16:15:00Z",
"severity": "MODERATE"
},
"details": "Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1",
"id": "GHSA-v92j-h587-3vv3",
"modified": "2022-10-20T19:00:35Z",
"published": "2022-10-17T19:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3293"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/369008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V9V4-F5WM-PHH4
Vulnerability from github – Published: 2026-03-09 18:31 – Updated: 2026-03-09 18:31An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information.
{
"affected": [],
"aliases": [
"CVE-2025-70040"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-09T16:16:15Z",
"severity": "MODERATE"
},
"details": "An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information.",
"id": "GHSA-v9v4-f5wm-phh4",
"modified": "2026-03-09T18:31:43Z",
"published": "2026-03-09T18:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70040"
},
{
"type": "WEB",
"url": "https://gist.github.com/zcxlighthouse/73b4ea07d1056ca9f100d11bfb4c8aa5"
},
{
"type": "WEB",
"url": "https://github.com/LupinLin1"
},
{
"type": "WEB",
"url": "https://github.com/LupinLin1/jimeng-web-mcp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VC69-RR85-J57C
Vulnerability from github – Published: 2025-08-12 03:31 – Updated: 2025-08-12 03:31The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability.
{
"affected": [],
"aliases": [
"CVE-2025-42935"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T03:15:26Z",
"severity": "MODERATE"
},
"details": "The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability.",
"id": "GHSA-vc69-rr85-j57c",
"modified": "2025-08-12T03:31:52Z",
"published": "2025-08-12T03:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-42935"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3601480"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VGH3-MWXQ-RCP8
Vulnerability from github – Published: 2024-02-01 03:30 – Updated: 2024-02-23 19:48Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/vault"
},
"ranges": [
{
"events": [
{
"introduced": "1.15.0"
},
{
"fixed": "1.15.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-0831"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-01T20:52:34Z",
"nvd_published_at": "2024-02-01T02:15:46Z",
"severity": "MODERATE"
},
"details": "Vault and Vault Enterprise (\u201cVault\u201d) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`",
"id": "GHSA-vgh3-mwxq-rcp8",
"modified": "2024-02-23T19:48:21Z",
"published": "2024-02-01T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0831"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/vault/commit/2a72f2a8a5b57de88c22a2a94c4a5f08c6f3770b"
},
{
"type": "WEB",
"url": "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/vault"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240223-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Hashicorp Vault may expose sensitive log information"
}
GHSA-VGHC-RRCW-JW94
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.
{
"affected": [],
"aliases": [
"CVE-2018-1241"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-29T17:29:00Z",
"severity": "HIGH"
},
"details": "Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.",
"id": "GHSA-vghc-rrcw-jw94",
"modified": "2022-05-13T01:33:25Z",
"published": "2022-05-13T01:33:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1241"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2018/May/61"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104246"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.