CWE-532: Insertion of Sensitive Information into Log File
1,077 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-532 (page 13 of 22)
- CVE-2023-40029 | CRITICAL | CVSS 9.9 | EG 9.9 | 2023-09-07
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in `kubectl.kubernetes.io/last-applied-configur…
- CVE-2023-40338 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-08-16
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about t…
- CVE-2023-40392 | LOW | CVSS 3.3 | EG 3.3 | 2023-09-06
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.
- CVE-2023-40405 | LOW | CVSS 3.3 | EG 3.3 | 2023-10-25
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.
- CVE-2023-40425 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-10-25
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14, macOS Monterey 12.7.1. An app with root privileges may be able to access private information.
- CVE-2023-40442 | LOW | CVSS 3.3 | EG 3.3 | 2023-09-12
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.
- CVE-2023-40682 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-10-13
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.
- CVE-2023-40694 | MEDIUM | CVSS 6.2 | EG 6.2 | 2024-05-07
IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838.
- CVE-2023-4108 | MEDIUM | CVSS 4.5 | EG 4.5 | 2023-08-11
Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged
- CVE-2023-41253 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-10-10
When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-41254 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-10-25
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to…
- CVE-2023-41263 | LOW | CVSS 3.7 | EG 3.7 | 2023-10-12
An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs…
- CVE-2023-41308 | HIGH | CVSS 7.5 | EG 7.5 | 2023-09-27
Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2023-41934 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-09-06
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret"…
- CVE-2023-42857 | LOW | CVSS 3.3 | EG 3.3 | 2023-10-25
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
- CVE-2023-42937 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-01-23
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2…
- CVE-2023-43043 | MEDIUM | CVSS 5.1 | EG 5.1 | 2024-03-13
IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875.
- CVE-2023-43261 | HIGH | CVSS 7.5 | EG 9.0 | 2023-10-04
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
- CVE-2023-43485 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-10-10
When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-4380 | MEDIUM | CVSS 6.3 | EG 6.3 | 2023-10-04
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the los…
- CVE-2023-44155 | HIGH | CVSS 7.5 | EG 4.4 | 2023-09-27
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
- CVE-2023-44483 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-10-20
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and loggin…
- CVE-2023-44989 | HIGH | CVSS 7.5 | EG 7.5 | 2024-03-26
Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.
- CVE-2023-45241 | MEDIUM | CVSS 5.5 | EG 4.4 | 2023-10-05
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
- CVE-2023-45585 | LOW | CVSS 2.3 | EG 2.3 | 2023-11-14
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6…
- CVE-2023-45809 | LOW | CVSS 2.7 | EG 2.7 | 2023-10-19
Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While au…
- CVE-2023-45825 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-10-19
ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object (implementation of interface Credentials) it may leak into logs. This happens because this object c…
- CVE-2023-46171 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-03-07
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to view sensitive log information after enumerating filenames. IBM X-Force ID: 269408.
- CVE-2023-46175 | MEDIUM | CVSS 4.4 | EG 4.4 | 2024-09-26
IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file in plain clear text which can be read by a privileged user.
- CVE-2023-46215 | HIGH | CVSS 7.5 | EG 7.5 | 2023-10-28
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend. Note: the vul…
- CVE-2023-46230 | HIGH | CVSS 8.2 | EG 8.2 | 2024-01-30
In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files.
- CVE-2023-46231 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-01-30
In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on.
- CVE-2023-46255 | MEDIUM | CVSS 4.2 | EG 4.2 | 2023-10-31
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed (e.g. by having a password which co…
- CVE-2023-46667 | HIGH | CVSS 8.1 | EG 8.1 | 2023-10-26
An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent p…
- CVE-2023-46668 | MEDIUM | CVSS 4.6 | EG 4.6 | 2023-10-26
If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, th…
- CVE-2023-46671 | HIGH | CVSS 8.0 | EG 8.0 | 2023-12-13
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain accou…
- CVE-2023-46672 | HIGH | CVSS 8.4 | EG 8.4 | 2023-11-15
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format htt…
- CVE-2023-46675 | HIGH | CVSS 8.0 | EG 8.0 | 2023-12-13
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this…
- CVE-2023-46742 | MEDIUM | CVSS 4.8 | EG 4.8 | 2024-01-03
CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users' secret keys and access keys in the logs in multiple components. When CubeFS creates new users, it leaks the user's secret key. …
- CVE-2023-4677 | HIGH | CVSS 7.0 | EG 7.0 | 2023-11-23
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to aut…
- CVE-2023-4688 | MEDIUM | CVSS 5.5 | EG 4.4 | 2023-08-31
Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433.
- CVE-2023-47131 | HIGH | CVSS 7.5 | EG 7.5 | 2024-02-08
The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.
- CVE-2023-47390 | HIGH | CVSS 7.5 | EG 7.5 | 2023-11-11
Headscale through 0.22.3 writes bearer tokens to info-level logs.
- CVE-2023-48708 | MEDIUM | CVSS 5.0 | EG 5.0 | 2023-11-24
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in …
- CVE-2023-49921 | MEDIUM | CVSS 5.2 | EG 5.2 | 2024-07-26
An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and…
- CVE-2023-49922 | MEDIUM | CVSS 6.8 | EG 6.8 | 2023-12-12
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending …
- CVE-2023-49923 | MEDIUM | CVSS 6.8 | EG 6.8 | 2023-12-12
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or priva…
- CVE-2023-50253 | CRITICAL | CVSS 9.6 | EG 9.6 | 2024-01-03
Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this inte…
- CVE-2023-5028 | LOW | CVSS 2.0 | EG 2.0 | 2023-09-17
A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04_CT2015_Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log fi…
- CVE-2023-50301 | LOW | CVSS 1.9 | EG 1.9 | 2025-10-01
IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.