CWE-532: Insertion of Sensitive Information into Log File
1,077 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-532 (page 12 of 22)
- CVE-2023-25682 | MEDIUM | CVSS 6.2 | EG 6.2 | 2023-11-22
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.
- CVE-2023-25687 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-03-21
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602.
- CVE-2023-25721 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-03-28
Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agen…
- CVE-2023-26023 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-07-19
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.
- CVE-2023-26026 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-07-19
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.
- CVE-2023-26207 | LOW | CVSS 3.3 | EG 3.3 | 2023-06-13
An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10, 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text.
- CVE-2023-27502 | LOW | CVSS 3.3 | EG 3.3 | 2024-03-14
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-28351 | LOW | CVSS 3.3 | EG 3.3 | 2023-05-31
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these …
- CVE-2023-28441 | HIGH | CVSS 8.0 | EG 8.0 | 2023-03-24
smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affecte…
- CVE-2023-28443 | MEDIUM | CVSS 4.2 | EG 4.2 | 2023-03-24
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permiss…
- CVE-2023-28630 | MEDIUM | CVSS 4.2 | EG 4.2 | 2023-03-27
GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, t…
- CVE-2023-2878 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-06-07
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.
- CVE-2023-29002 | HIGH | CVSS 7.2 | EG 7.2 | 2023-04-18
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress…
- CVE-2023-30430 | MEDIUM | CVSS 5.5 | EG 6.2 | 2024-06-27
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183.
- CVE-2023-30610 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-04-19
aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The `aws_sigv4::SigningParams` struct had a derived `Debug` implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key…
- CVE-2023-30618 | LOW | CVSS 3.2 | EG 3.2 | 2023-04-21
Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a…
- CVE-2023-30721 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-09-06
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.
- CVE-2023-31056 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-04-24
CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x.
- CVE-2023-31207 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-05-02
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.
- CVE-2023-31413 | LOW | CVSS 3.3 | EG 3.3 | 2023-05-04
Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.
- CVE-2023-31417 | MEDIUM | CVSS 4.1 | EG 4.1 | 2023-10-26
Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of …
- CVE-2023-31422 | CRITICAL | CVSS 9.0 | EG 9.0 | 2023-10-26
An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to …
- CVE-2023-31426 | MEDIUM | CVSS 6.8 | EG 6.8 | 2023-08-01
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to acce…
- CVE-2023-32283 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-11-14
Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-32392 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-06-23
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be abl…
- CVE-2023-32446 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-20
Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information …
- CVE-2023-32447 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-20
Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the lo…
- CVE-2023-32455 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-20
Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information …
- CVE-2023-32468 | MEDIUM | CVSS 5.8 | EG 5.8 | 2023-07-26
Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensi…
- CVE-2023-32478 | CRITICAL | CVSS 9.0 | EG 9.0 | 2023-07-21
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosur…
- CVE-2023-32491 | MEDIUM | CVSS 6.3 | EG 6.3 | 2023-08-16
Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.
- CVE-2023-33001 | HIGH | CVSS 7.5 | EG 4.3 | 2023-05-16
Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
- CVE-2023-3335 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-10-03
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information. This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.
- CVE-2023-3349 | HIGH | CVSS 8.2 | EG 8.2 | 2023-10-03
Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the U…
- CVE-2023-3350 | HIGH | CVSS 8.2 | EG 8.2 | 2023-10-03
A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the …
- CVE-2023-3363 | LOW | CVSS 3.9 | EG 3.9 | 2023-07-13
An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when t…
- CVE-2023-34097 | HIGH | CVSS 7.8 | EG 7.8 | 2023-06-05
hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to eleva…
- CVE-2023-34223 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-05-31
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases.
- CVE-2023-35695 | HIGH | CVSS 7.5 | EG 7.5 | 2023-06-26
A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product.
- CVE-2023-36494 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-08-02
Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-36649 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-12-12
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Gran…
- CVE-2023-37224 | MEDIUM | CVSS 6.0 | EG 6.0 | 2023-07-14
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.
- CVE-2023-38064 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-07-12
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log.
- CVE-2023-38067 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-07-12
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log.
- CVE-2023-38271 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-25
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.
- CVE-2023-38732 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-08-22
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.
- CVE-2023-38733 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-08-22
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.
- CVE-2023-39348 | MEDIUM | CVSS 4.0 | EG 4.0 | 2023-08-28
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notific…
- CVE-2023-39447 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-10-10
When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-3993 | MEDIUM | CVSS 4.9 | EG 4.9 | 2023-08-02
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a quer…