VYPR

CWE-117

Improper Output Neutralization for Logs

Base · Draft · Likelihood: Medium

Description

The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-268 · CAPEC-81 · CAPEC-93

CVEs mapped to this weakness (45)

page 3 of 3
  • CVE-2020-14332 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.00

    A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is…

  • CVE-2020-14330 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.01

    An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other…

  • CVE-2020-4072 · Jun 25, 2020
    risk 0.00 · cvss · epss 0.01

    In generator-jhipster-kotlin version 1.6.0, log entries are created for invalid password reset attempts. As the email is provided by a user and the API is public, this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.…

  • CVE-2019-14846 · Oct 8, 2019
    risk 0.00 · cvss · epss 0.01

    In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19 were logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not…

  • CVE-2018-10932 · Med · Aug 21, 2018
    risk 0.00 · cvss 4.3 · epss 0.01

    lldptool version 1.0.1 and older can print a raw, unsanitized, attacker-controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.