CWE-532
Insertion of Sensitive Information into Log File
Description
The product writes sensitive information to a log file.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-215
CVEs mapped to this weakness (485)
page 10 of 25| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45679 | Med | 0.35 | 6.5 | 0.00 | Jun 2, 2026 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this… | ||
| CVE-2026-41185 | Med | 0.35 | 6.5 | 0.00 | May 28, 2026 | When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map (stdinData)… | ||
| CVE-2026-41184 | Med | 0.35 | 6.5 | 0.01 | May 28, 2026 | In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the __SERVICEACCOUNT_TOKEN__ placeholder (Canal/Flannel-Calico deployments), the installer substitutes the live Kubernetes ServiceAccount bearer… | ||
| CVE-2026-43826 | Med | 0.35 | 6.5 | 0.00 | May 11, 2026 | The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission… | ||
| CVE-2026-41018 | Med | 0.35 | 6.5 | 0.00 | May 11, 2026 | The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission… | ||
| CVE-2025-9985 | Med | 0.35 | 5.3 | 0.11 | Sep 26, 2025 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information… | ||
| CVE-2025-1979 | Med | 0.35 | 6.4 | 0.00 | Mar 6, 2025 | Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the… | ||
| CVE-2024-11193 | Med | 0.35 | 6.5 | 0.00 | Nov 13, 2024 | An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized… | ||
| CVE-2024-37930 | Med | 0.35 | 5.3 | 0.00 | Aug 12, 2024 | Insertion of Sensitive Information into Log File vulnerability in ThemeSphere SmartMag smartmag-responsive-retina-wordpress-magazine.This issue affects SmartMag: from n/a through < 10.1.0. | ||
| CVE-2024-3744 | Med | 0.35 | 6.5 | 0.00 | May 15, 2024 | A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens… | ||
| CVE-2024-31298 | Med | 0.35 | 5.3 | 0.01 | Apr 10, 2024 | Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0. | ||
| CVE-2024-31249 | Med | 0.35 | 5.3 | 0.01 | Apr 10, 2024 | Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725. | ||
| CVE-2024-31247 | Med | 0.35 | 5.3 | 0.01 | Apr 10, 2024 | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress.This issue affects FG Drupal to WordPress: from n/a through 3.70.3. | ||
| CVE-2024-31245 | Med | 0.35 | 5.3 | 0.01 | Apr 10, 2024 | Insertion of Sensitive Information into Log File vulnerability in ConvertKit.This issue affects ConvertKit: from n/a through 2.4.5. | ||
| CVE-2024-2302 | Med | 0.35 | 5.3 | 0.01 | Apr 9, 2024 | The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to… | ||
| CVE-2023-51508 | Med | 0.35 | 5.3 | 0.00 | Jan 8, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair.This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8. | ||
| CVE-2023-51490 | Med | 0.35 | 5.3 | 0.00 | Jan 8, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0. | ||
| CVE-2023-51408 | Med | 0.35 | 5.3 | 0.00 | Jan 8, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce.This issue affects WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce:… | ||
| CVE-2018-3776 | Med | 0.35 | 5.3 | 0.01 | Aug 12, 2018 | Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | ||
| CVE-2018-1999036 | — | Med | 0.35 | 6.5 | 0.01 | Aug 1, 2018 | An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. |
- risk 0.35cvss 6.5epss 0.00
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this…
- risk 0.35cvss 6.5epss 0.00
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map (stdinData)…
- risk 0.35cvss 6.5epss 0.01
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the __SERVICEACCOUNT_TOKEN__ placeholder (Canal/Flannel-Calico deployments), the installer substitutes the live Kubernetes ServiceAccount bearer…
- risk 0.35cvss 6.5epss 0.00
The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission…
- risk 0.35cvss 6.5epss 0.00
The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission…
- risk 0.35cvss 5.3epss 0.11
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information…
- risk 0.35cvss 6.4epss 0.00
Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the…
- risk 0.35cvss 6.5epss 0.00
An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized…
- risk 0.35cvss 5.3epss 0.00
Insertion of Sensitive Information into Log File vulnerability in ThemeSphere SmartMag smartmag-responsive-retina-wordpress-magazine.This issue affects SmartMag: from n/a through < 10.1.0.
- risk 0.35cvss 6.5epss 0.00
A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens…
- risk 0.35cvss 5.3epss 0.01
Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0.
- risk 0.35cvss 5.3epss 0.01
Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725.
- risk 0.35cvss 5.3epss 0.01
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress.This issue affects FG Drupal to WordPress: from n/a through 3.70.3.
- risk 0.35cvss 5.3epss 0.01
Insertion of Sensitive Information into Log File vulnerability in ConvertKit.This issue affects ConvertKit: from n/a through 2.4.5.
- risk 0.35cvss 5.3epss 0.01
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to…
- risk 0.35cvss 5.3epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair.This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8.
- risk 0.35cvss 5.3epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.
- risk 0.35cvss 5.3epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce.This issue affects WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce:…
- risk 0.35cvss 5.3epss 0.01
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.
- risk 0.35cvss 6.5epss 0.01
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.