CWE-1295

Debug Messages Revealing Unnecessary Information

Base | Incomplete

Description

The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-121

CVEs mapped to this weakness (11)

  • CVE-2024-38516 | High | Jun 25, 2024
    risk 0.50 | cvss 8.8 | epss 0.01

    ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22.

  • CVE-2025-31001 | High | Apr 1, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through <= 2.4.0.

  • CVE-2023-5392 | High | Apr 11, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and…

  • CVE-2025-42604 | Medium | Apr 23, 2025
    risk 0.45 | cvss | epss 0.00

    This vulnerability exists in Meon KYC solutions because debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of…

  • CVE-2025-2877 | Medium | Mar 28, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also…

  • CVE-2025-59109 | Medium | Jan 26, 2026
    risk 0.33 | cvss | epss 0.00

    The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be…

  • CVE-2024-11217 | Medium | Nov 15, 2024
    risk 0.32 | cvss 4.9 | epss 0.00

    A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.

  • CVE-2024-27179 | Medium | Jun 14, 2024
    risk 0.31 | cvss 4.7 | epss 0.00

    Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-45784 | Nov 15, 2024
    risk 0.00 | cvss | epss 0.01

    Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these…

  • CVE-2023-25500 | Jun 22, 2023
    risk 0.00 | cvss | epss 0.01

    Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified…

  • CVE-2021-31412 | Jun 24, 2021
    risk 0.00 | cvss | epss 0.01

    Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9…