VYPR

CWE-532

Insertion of Sensitive Information into Log File

Base | Incomplete | Likelihood: Medium

Description

The product writes sensitive information to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-215

CVEs mapped to this weakness (485)

page 13 of 25
  • CVE-2026-40091 | Med | Apr 15, 2026
    risk 0.32 | cvss 6.0 | epss 0.00

    SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext…

  • CVE-2026-4819 | Med | Mar 31, 2026
    risk 0.32 | cvss 4.9 | epss 0.00

    In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.

  • CVE-2025-0071 | Med | Mar 11, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application.…

  • CVE-2017-16946 | Med | Nov 25, 2017
    risk 0.32 | cvss 4.9 | epss 0.01

    The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.

  • CVE-2026-1622 | Med | Feb 4, 2026
    risk 0.31 | cvss | epss 0.00

    Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has the ability to access the local log files. The "obfuscate_literals" option in the query logs does not redact error information,…

  • CVE-2025-57813 | Med | Aug 26, 2025
    risk 0.31 | cvss 5.9 | epss 0.00

    traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, is recorded in log files when an error occurs during the execution of an SQL query. An attacker could…

  • CVE-2024-11165 | Med | Nov 13, 2024
    risk 0.30 | cvss | epss 0.00

    An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS token in plaintext. The…

  • CVE-2026-0267 | Med | Jun 10, 2026
    risk 0.29 | cvss | epss 0.00

    An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions…

  • CVE-2026-45581 | Med | Jun 8, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS…

  • CVE-2025-36187 | Med | Mar 25, 2026
    risk 0.29 | cvss 4.4 | epss 0.00

    IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

  • CVE-2025-14010 | Med | Dec 4, 2025
    risk 0.29 | cvss 5.5 | epss 0.00

    A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve…

  • CVE-2025-48374 | Med | May 22, 2025
    risk 0.29 | cvss | epss 0.00

    zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an oidc provider, the clientsecret gets printed into…

  • CVE-2024-38862 | Med | Oct 14, 2024
    risk 0.29 | cvss 4.4 | epss 0.00

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IPMI secrets of host and folder properties to be written to audit log files accessible to administrators.

  • CVE-2024-8775 | Med | Sep 14, 2024
    risk 0.29 | cvss 5.5 | epss 0.00

    A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter,…

  • CVE-2024-34353 | Med | May 14, 2024
    risk 0.29 | cvss 5.5 | epss 0.00

    The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's…

  • CVE-2023-6833 | Med | Apr 23, 2024
    risk 0.29 | cvss 4.4 | epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information. This issue affects Hitachi Ops Center Administrator: before 11.0.1.

  • CVE-2021-39913 | Med | Nov 5, 2021
    risk 0.29 | cvss 4.4 | epss 0.00

    Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system…

  • CVE-2018-2440 | Med | Jul 10, 2018
    risk 0.29 | cvss 4.4 | epss 0.00

    Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs.

  • CVE-2017-1795 | Med | Jul 6, 2018
    risk 0.29 | cvss 4.4 | epss 0.00

    IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.

  • CVE-2024-13416 | Med | Feb 6, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Using the API in the 2N OS device, an authorized user can enable logging, which discloses valid authentication tokens in the system log. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to…