CWE-532
Insertion of Sensitive Information into Log File
Description
The product writes sensitive information to a log file.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-215
CVEs mapped to this weakness (485)
page 11 of 25| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45040 | Med | 0.34 | — | 0.00 | May 28, 2026 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensitive credentials including SessionToken (JWT), SecretAccessKey, and full JWT… | ||
| CVE-2026-41182 | — | Med | 0.34 | 5.3 | 0.00 | Apr 23, 2026 | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to… | |
| CVE-2025-70040 | Med | 0.34 | 5.3 | 0.00 | Mar 9, 2026 | An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information. | ||
| CVE-2025-10486 | Med | 0.34 | 5.3 | 0.00 | Oct 15, 2025 | The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.8 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the… | ||
| CVE-2025-6587 | Med | 0.34 | — | 0.00 | Jul 3, 2025 | System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain… | ||
| CVE-2025-3911 | Med | 0.34 | — | 0.00 | Apr 29, 2025 | Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive… | ||
| CVE-2025-4090 | Med | 0.34 | 5.3 | 0.00 | Apr 29, 2025 | A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability was fixed in Firefox 138 and Thunderbird 138. | ||
| CVE-2025-31788 | Med | 0.34 | 5.3 | 0.00 | Apr 1, 2025 | Insertion of Sensitive Information into Log File vulnerability in Smackcoders Inc., AIO Performance Profiler, Monitor, Optimize, Compress & Debug all-in-one-performance-accelerator allows Retrieve Embedded Sensitive Data.This issue affects AIO Performance Profiler, Monitor,… | ||
| CVE-2025-1696 | Med | 0.34 | — | 0.00 | Mar 6, 2025 | A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in… | ||
| CVE-2024-13818 | Med | 0.34 | 5.3 | 0.00 | Feb 21, 2025 | The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.4 through publicly exposed… | ||
| CVE-2024-10544 | Med | 0.34 | 5.3 | 0.01 | Oct 31, 2024 | The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about… | ||
| CVE-2024-43990 | Med | 0.34 | 5.3 | 0.00 | Sep 25, 2024 | Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8. | ||
| CVE-2024-37270 | Med | 0.34 | 5.3 | 0.00 | Jul 10, 2024 | Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin Vendor.This issue affects TrustedLogin Vendor: from n/a before 1.1.1. | ||
| CVE-2024-37205 | Med | 0.34 | 5.3 | 0.00 | Jul 10, 2024 | Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions.This issue affects affiliate-toolkit: from n/a through 3.4.4. | ||
| CVE-2024-22276 | Med | 0.34 | 5.3 | 0.00 | Jun 27, 2024 | VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability. A malicious actor with adjacent access to web/proxy server logging may be able to obtain sensitive information from URLs that are logged. | ||
| CVE-2024-32811 | Med | 0.34 | 5.3 | 0.00 | Jun 9, 2024 | Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4. | ||
| CVE-2024-34798 | Med | 0.34 | 5.3 | 0.00 | Jun 3, 2024 | Insertion of Sensitive Information into Log File vulnerability in Lukman Nakib Debug Log – Manger Tool.This issue affects Debug Log – Manger Tool: from n/a through 1.4.5. | ||
| CVE-2024-34550 | Med | 0.34 | 5.3 | 0.01 | May 14, 2024 | Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17. | ||
| CVE-2024-33922 | Med | 0.34 | 5.3 | 0.00 | May 2, 2024 | Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2. | ||
| CVE-2024-32788 | Med | 0.34 | 5.3 | 0.01 | Apr 24, 2024 | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2. |
- risk 0.34cvss —epss 0.00
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensitive credentials including SessionToken (JWT), SecretAccessKey, and full JWT…
- risk 0.34cvss 5.3epss 0.00
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to…
- risk 0.34cvss 5.3epss 0.00
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information.
- risk 0.34cvss 5.3epss 0.00
The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.8 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the…
- risk 0.34cvss —epss 0.00
System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain…
- risk 0.34cvss —epss 0.00
Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive…
- risk 0.34cvss 5.3epss 0.00
A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability was fixed in Firefox 138 and Thunderbird 138.
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information into Log File vulnerability in Smackcoders Inc., AIO Performance Profiler, Monitor, Optimize, Compress & Debug all-in-one-performance-accelerator allows Retrieve Embedded Sensitive Data.This issue affects AIO Performance Profiler, Monitor,…
- risk 0.34cvss —epss 0.00
A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in…
- risk 0.34cvss 5.3epss 0.00
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.4 through publicly exposed…
- risk 0.34cvss 5.3epss 0.01
The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about…
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8.
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin Vendor.This issue affects TrustedLogin Vendor: from n/a before 1.1.1.
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions.This issue affects affiliate-toolkit: from n/a through 3.4.4.
- risk 0.34cvss 5.3epss 0.00
VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability. A malicious actor with adjacent access to web/proxy server logging may be able to obtain sensitive information from URLs that are logged.
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4.
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information into Log File vulnerability in Lukman Nakib Debug Log – Manger Tool.This issue affects Debug Log – Manger Tool: from n/a through 1.4.5.
- risk 0.34cvss 5.3epss 0.01
Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17.
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2.
- risk 0.34cvss 5.3epss 0.01
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2.