Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1743 vulnerabilities reference this CWE, most recent first.

GHSA-VH9Q-RGW5-3GQX

Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-11-18 18:32
VLAI
Details

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54971"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-18T17:16:03Z",
    "severity": "MODERATE"
  },
  "details": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission  to get the external resources password via the logs of the product",
  "id": "GHSA-vh9q-rgw5-3gqx",
  "modified": "2025-11-18T18:32:54Z",
  "published": "2025-11-18T18:32:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54971"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-686"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VHC5-HFX4-87R4

Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2026-04-28 21:35
VLAI
Details

Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.This issue affects Ghost: from n/a through 1.4.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34559"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:39:23Z",
    "severity": "HIGH"
  },
  "details": "Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.This issue affects Ghost: from n/a through 1.4.0.",
  "id": "GHSA-vhc5-hfx4-87r4",
  "modified": "2026-04-28T21:35:11Z",
  "published": "2024-05-14T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34559"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/ghost/wordpress-ghost-plugin-1-4-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VHVM-HVVJ-QF99

Vulnerability from github – Published: 2024-05-03 09:30 – Updated: 2025-02-25 18:31
VLAI
Details

A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T08:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.",
  "id": "GHSA-vhvm-hvvj-qf99",
  "modified": "2025-02-25T18:31:18Z",
  "published": "2024-05-03T09:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28072"
    },
    {
      "type": "WEB",
      "url": "https://solarwindscore.my.site.com/SuccessCenter/s/article/Serv-U-15-4-2-Hotfix-1-Release-Notes?language=en_US"
    },
    {
      "type": "WEB",
      "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28072"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VHW4-7VWF-WW45

Vulnerability from github – Published: 2026-05-26 18:31 – Updated: 2026-05-26 18:31
VLAI
Details

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-26T17:16:27Z",
    "severity": "MODERATE"
  },
  "details": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.",
  "id": "GHSA-vhw4-7vwf-ww45",
  "modified": "2026-05-26T18:31:44Z",
  "published": "2026-05-26T18:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13755"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7273554"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VJW2-GG68-3J52

Vulnerability from github – Published: 2025-02-05 18:34 – Updated: 2025-02-05 18:34
VLAI
Details

When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23413"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-05T18:15:31Z",
    "severity": "MODERATE"
  },
  "details": "When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-vjw2-gg68-3j52",
  "modified": "2025-02-05T18:34:46Z",
  "published": "2025-02-05T18:34:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23413"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000149185"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VM8F-QPQ4-4VW6

Vulnerability from github – Published: 2023-10-13 00:30 – Updated: 2024-04-04 08:36
VLAI
Details

An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-12T23:15:11Z",
    "severity": "LOW"
  },
  "details": "An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information.",
  "id": "GHSA-vm8f-qpq4-4vw6",
  "modified": "2024-04-04T08:36:33Z",
  "published": "2023-10-13T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41263"
    },
    {
      "type": "WEB",
      "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VMCP-66R5-3PCP

Vulnerability from github – Published: 2024-07-17 16:00 – Updated: 2024-07-17 19:13
VLAI
Summary
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
Details

Summary

When utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry, an error is logged with the Eureka server service URLs but only the first URL is masked.

Details

Package: Steeltoe.Discovery.Eureka Package version: 3.2.1 Branch: "release/3.2" File name: DiscoveryClient.cs Line number: 325 Code in question: _logger.LogError(e, "FetchRegistry Failed for Eureka service urls: {EurekaServerServiceUrls}", new Uri(ClientConfig.EurekaServerServiceUrls).ToMaskedString());

Error message in logs: FetchRegistry Failed for Eureka service urls: https://****:****@eureka1.com:443/eureka,https://user:password@eureka2.com:443/eureka

I thought new Uri(clientOptions.EurekaServerServiceUrls) would throw a UriFormatException since there are multiple URLs but my logs are showing two URLs regardless.

PoC

  1. Set Eureka config with multiple server URLs with basic auth
  2. Apologies for not being more descriptive for this step, but I believe we would just need to trigger an exception in FetchFullRegistryAsync.
  3. Check the logs and should see the error

Impact

Vulnerability: Credential leakage in the logs Who does it impact?: Users who are using peer awareness with Spring Eureka

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.2.7"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "Steeltoe.Discovery.Eureka"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Steeltoe.Discovery.EurekaBase"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 3.0.0"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "Steeltoe.Discovery.ClientCore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Steeltoe.Discovery.ClientAutofac"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-40636"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-17T16:00:10Z",
    "nvd_published_at": "2024-07-17T18:15:04Z",
    "severity": "LOW"
  },
  "details": "### Summary\nWhen utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry, an error is logged with the Eureka server service URLs but only the first URL is masked.\n\n### Details\nPackage: Steeltoe.Discovery.Eureka\nPackage version: 3.2.1\nBranch: \"release/3.2\"\nFile name: `DiscoveryClient.cs`\nLine number: 325\nCode in question:  `_logger.LogError(e, \"FetchRegistry Failed for Eureka service urls: {EurekaServerServiceUrls}\", new Uri(ClientConfig.EurekaServerServiceUrls).ToMaskedString());`\n\n\nError message in logs: `FetchRegistry Failed for Eureka service urls: https://****:****@eureka1.com:443/eureka,https://user:password@eureka2.com:443/eureka`\n\nI thought `new Uri(clientOptions.EurekaServerServiceUrls)` would throw a `UriFormatException` since there are multiple URLs but my logs are showing two URLs regardless.\n\n### PoC\n1. Set Eureka config with multiple server URLs with basic auth\n2. Apologies for not being more descriptive for this step, but I believe we would just need to trigger an exception in `FetchFullRegistryAsync`.\n3. Check the logs and should see the error \n\n### Impact\nVulnerability: Credential leakage in the logs\nWho does it impact?: Users who are using peer awareness with Spring Eureka",
  "id": "GHSA-vmcp-66r5-3pcp",
  "modified": "2024-07-17T19:13:43Z",
  "published": "2024-07-17T16:00:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-vmcp-66r5-3pcp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40636"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SteeltoeOSS/Steeltoe/commit/c5d4a94e90ccb77f8e851bc681a2e348a95e7ecb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/SteeltoeOSS/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error"
}

GHSA-VPMF-XXF3-WR92

Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10
VLAI
Details

Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7682"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-22T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.",
  "id": "GHSA-vpmf-xxf3-wr92",
  "modified": "2022-05-13T01:10:58Z",
  "published": "2022-05-13T01:10:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7682"
    },
    {
      "type": "WEB",
      "url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VQ4H-6CCR-7PJ2

Vulnerability from github – Published: 2025-07-22 18:30 – Updated: 2025-07-22 18:30
VLAI
Details

Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You are affected by this vulnerability if the following preconditions are met: Local server running OPP agent with versions >=2.2.1 and <= 2.3.0, and User account has had an administrator-initiated password reset while using the affected versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-22T16:15:34Z",
    "severity": "MODERATE"
  },
  "details": "Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You are affected by this vulnerability if the following preconditions are met: Local server running OPP agent with versions \u003e=2.2.1 and \u003c= 2.3.0, and User account has had an administrator-initiated password reset while using the affected versions.",
  "id": "GHSA-vq4h-6ccr-7pj2",
  "modified": "2025-07-22T18:30:42Z",
  "published": "2025-07-22T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7371"
    },
    {
      "type": "WEB",
      "url": "https://help.okta.com/oie/en-us/content/topics/settings/version_histories/ver_history_opp_agent.htm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VQ4P-PJ29-GGRF

Vulnerability from github – Published: 2025-02-21 06:31 – Updated: 2026-04-08 18:33
VLAI
Details

The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3.9 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13818"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-21T04:15:09Z",
    "severity": "MODERATE"
  },
  "details": "The Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form \u0026 Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3.9 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.",
  "id": "GHSA-vq4p-pj29-ggrf",
  "modified": "2026-04-08T18:33:49Z",
  "published": "2025-02-21T06:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13818"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/pie-register/trunk/classes/base_variables.php#L68"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3255985%40pie-register%2Ftrunk\u0026old=3246810%40pie-register%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/768730c1-a70e-432d-a234-4ce2b8aec424?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.