VYPR

CWE-532

Insertion of Sensitive Information into Log File

Base | Incomplete | Likelihood: Medium

Description

The product writes sensitive information to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-215

CVEs mapped to this weakness (485)

page 10 of 25
  • CVE-2026-45679 | Med | Jun 2, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this…

  • CVE-2026-41185 | Med | May 28, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map (stdinData)…

  • CVE-2026-41184 | Med | May 28, 2026
    risk 0.35 | cvss 6.5 | epss 0.01

    In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the __SERVICEACCOUNT_TOKEN__ placeholder (Canal/Flannel-Calico deployments), the installer substitutes the live Kubernetes ServiceAccount bearer…

  • CVE-2026-43826 | Med | May 11, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission…

  • CVE-2026-41018 | Med | May 11, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission…

  • CVE-2025-9985 | Med | Sep 26, 2025
    risk 0.35 | cvss 5.3 | epss 0.11

    The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information…

  • CVE-2025-1979 | Med | Mar 6, 2025
    risk 0.35 | cvss 6.4 | epss 0.00

    Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the…

  • CVE-2024-11193 | Med | Nov 13, 2024
    risk 0.35 | cvss 6.5 | epss 0.00

    An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized…

  • CVE-2024-37930 | Med | Aug 12, 2024
    risk 0.35 | cvss 5.3 | epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in ThemeSphere SmartMag smartmag-responsive-retina-wordpress-magazine. This issue affects SmartMag: from n/a through < 10.1.0.

  • CVE-2024-3744 | Med | May 15, 2024
    risk 0.35 | cvss 6.5 | epss 0.00

    A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens…

  • CVE-2024-31298 | Med | Apr 10, 2024
    risk 0.35 | cvss 5.3 | epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover. This issue affects User Spam Remover: from n/a through 1.0.

  • CVE-2024-31249 | Med | Apr 10, 2024
    risk 0.35 | cvss 5.3 | epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded. This issue affects Subscribe To Comments Reloaded: from n/a through 220725.

  • CVE-2024-31247 | Med | Apr 10, 2024
    risk 0.35 | cvss 5.3 | epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress. This issue affects FG Drupal to WordPress: from n/a through 3.70.3.

  • CVE-2024-31245 | Med | Apr 10, 2024
    risk 0.35 | cvss 5.3 | epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in ConvertKit. This issue affects ConvertKit: from n/a through 2.4.5.

  • CVE-2024-2302 | Med | Apr 9, 2024
    risk 0.35 | cvss 5.3 | epss 0.01

    The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to…

  • CVE-2023-51508 | Med | Jan 8, 2024
    risk 0.35 | cvss 5.3 | epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair. This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8.

  • CVE-2023-51490 | Med | Jan 8, 2024
    risk 0.35 | cvss 5.3 | epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall. This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.

  • CVE-2023-51408 | Med | Jan 8, 2024
    risk 0.35 | cvss 5.3 | epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce. This issue affects WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce:…

  • CVE-2018-3776 | Med | Aug 12, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.

  • CVE-2018-1999036 | Med | Aug 1, 2018
    risk 0.35 | cvss 6.5 | epss 0.01

    An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.