CWE-532: Insertion of Sensitive Information into Log File
1,076 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-532 (page 11 of 22)
- CVE-2022-43772 | LOW | CVSS 3.8 | EG 6.5 | 2023-04-03
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.
- CVE-2022-43870 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-02-22
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.
- CVE-2022-43887 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-12-19
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.…
- CVE-2022-43923 | MEDIUM | CVSS 6.2 | EG 5.5 | 2023-02-24
IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584.
- CVE-2022-43930 | MEDIUM | CVSS 6.2 | EG 7.5 | 2023-02-17
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677.
- CVE-2022-43933 | MEDIUM | CVSS 4.4 | EG 4.4 | 2024-11-21
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. …
- CVE-2022-43935 | MEDIUM | CVSS 5.3 | EG 4.4 | 2024-11-21
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file.
- CVE-2022-43936 | MEDIUM | CVSS 6.8 | EG 4.9 | 2024-11-21
Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled.
- CVE-2022-43937 | MEDIUM | CVSS 5.7 | EG 5.5 | 2024-11-21
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a.
- CVE-2022-43954 | MEDIUM | CVSS 4.3 | EG 6.5 | 2023-02-16
An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page.
- CVE-2022-44587 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-06-21
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP 2FA: from n/a through 2.6.3.
- CVE-2022-44624 | MEDIUM | CVSS 6.5 | EG 7.5 | 2022-11-03
In JetBrains TeamCity before 2022.10, password parameters could be exposed in the build log if they contained special characters.
- CVE-2022-44745 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-11-07
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
- CVE-2022-45098 | MEDIUM | CVSS 6.1 | EG 5.5 | 2023-02-01
Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. …
- CVE-2022-46647 | LOW | CVSS 2.2 | EG 2.2 | 2023-11-14
Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-48228 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-04-04
An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362.
- CVE-2022-48319 | MEDIUM | CVSS 6.5 | EG 5.5 | 2023-02-20
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent …
- CVE-2022-48435 | LOW | CVSS 3.3 | EG 3.3 | 2023-04-04
In JetBrains PhpStorm before 2023.1, source code could be logged in the local idea.log file.
- CVE-2022-4858 | MEDIUM | CVSS 4.4 | EG 7.5 | 2022-12-30
Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow sensitive tokens to be obtained from logs, if specific configurations were set.
- CVE-2022-49037 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-09-26
Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors.
- CVE-2023-0436 | MEDIUM | CVSS 4.5 | EG 7.5 | 2023-11-07
The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator …
- CVE-2023-0815 | MEDIUM | CVSS 6.8 | EG 6.8 | 2023-02-23
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridia…
- CVE-2023-1550 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-03-29
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gai…
- CVE-2023-1786 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-04-26
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
- CVE-2023-1904 | MEDIUM | CVSS 4.2 | EG 4.2 | 2023-12-14
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
- CVE-2023-20207 | MEDIUM | CVSS 4.9 | EG 4.9 | 2023-07-12
A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencr…
- CVE-2023-20859 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-03-23
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
- CVE-2023-20885 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-06-16
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume…
- CVE-2023-20891 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-07-26
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access …
- CVE-2023-21387 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-10-30
In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interac…
- CVE-2023-21435 | MEDIUM | CVSS 4.4 | EG 5.5 | 2023-02-09
Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.
- CVE-2023-21492 | MEDIUM | CVSS 4.4 | EG 9.0 | ⚠ KEV | 2023-05-04
Kernel pointers printed in the log file prior to SMR May-2023 Release 1 allow a privileged local attacker to bypass ASLR.
- CVE-2023-22362 | HIGH | CVSS 7.5 | EG 7.5 | 2023-02-13
SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ve…
- CVE-2023-22447 | LOW | CVSS 2.0 | EG 2.0 | 2023-05-10
Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2023-22481 | MEDIUM | CVSS 4.0 | EG 4.0 | 2023-03-06
FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear text in `users/_/log_api.txt` in the case where the authentication fails. The issue occurs in `authorizationToUser()` in `gread…
- CVE-2023-22572 | HIGH | CVSS 7.8 | EG 7.8 | 2023-02-01
Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeove…
- CVE-2023-22573 | HIGH | CVSS 7.9 | EG 5.5 | 2023-02-01
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information di…
- CVE-2023-22574 | HIGH | CVSS 8.1 | EG 8.1 | 2023-02-01
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit …
- CVE-2023-22575 | HIGH | CVSS 8.7 | EG 8.8 | 2023-02-01
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low-privileged user could potentially exploit this vulnerability, leading to information disclosure and escalatio…
- CVE-2023-22644 | MEDIUM | CVSS 5.5 | EG 3.8 | 2023-09-20
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
- CVE-2023-22649 | HIGH | CVSS 8.4 | EG 8.4 | 2024-10-16
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt…
- CVE-2023-22733 | LOW | CVSS 2.7 | EG 2.7 | 2023-01-17
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kinds of sent mails. An attacker with access to either the local system logs or a centralized loggin…
- CVE-2023-22869 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-04-19
IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.
- CVE-2023-23505 | LOW | CVSS 3.3 | EG 3.3 | 2023-02-27
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3…
- CVE-2023-23591 | MEDIUM | CVSS 4.9 | EG 4.9 | 2023-04-12
The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1.
- CVE-2023-24827 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-02-07
syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in…
- CVE-2023-2514 | MEDIUM | CVSS 6.7 | EG 6.7 | 2023-05-12
Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization.
- CVE-2023-25163 | MEDIUM | CVSS 6.3 | EG 6.3 | 2023-02-08
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages ar…
- CVE-2023-25164 | HIGH | CVSS 8.6 | EG 8.6 | 2023-02-08
Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be…
- CVE-2023-25604 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-10-10
An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs.