VYPR

CWE-532

Insertion of Sensitive Information into Log File

Base | Incomplete | Likelihood: Medium

Description

The product writes sensitive information to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-215

CVEs mapped to this weakness (485)

page 5 of 25
  • CVE-2016-9882 | High | Jan 13, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often…

  • CVE-2016-0879 | High | May 31, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.

  • CVE-2016-0875 | High | May 31, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.

  • CVE-2013-4733 | High | Jun 30, 2013
    risk 0.49 | cvss 7.5 | epss 0.02

    The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files.

  • CVE-2025-41690 | High | Sep 2, 2025
    risk 0.48 | cvss 7.4 | epss 0.00

    A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access…

  • CVE-2026-32996 | High | May 28, 2026
    risk 0.47 | cvss - | epss 0.00

    This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.

  • CVE-2026-20205 | High | Apr 15, 2026
    risk 0.47 | cvss 7.2 | epss 0.00

    In Splunk MCP Server app versions below 1.0.3, a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users' session and authorization tokens in clear text. The vulnerability would require…

  • CVE-2017-15113 | High | Jul 27, 2018
    risk 0.47 | cvss 7.2 | epss 0.01

    ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or…

  • CVE-2025-31479 | High | Apr 2, 2025
    risk 0.46 | cvss 8.2 | epss 0.01

    canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUB_TOKEN. If the full token is…

  • CVE-2025-54064 | Medium | Jul 17, 2025
    risk 0.45 | cvss - | epss 0.00

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the `rucio-server`, `rucio-ui`, and `rucio-webui` define the log format for the apache access…

  • CVE-2021-21508 | Medium | May 22, 2026
    risk 0.44 | cvss 6.7 | epss 0.00

    Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access…

  • CVE-2025-14437 | High | Dec 18, 2025
    risk 0.44 | cvss 7.5 | epss 0.02

    The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API…

  • CVE-2025-8864 | Medium | Aug 11, 2025
    risk 0.44 | cvss - | epss 0.00

    Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs

  • CVE-2025-7371 | Medium | Jul 22, 2025
    risk 0.44 | cvss 6.8 | epss 0.00

    Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during…

  • CVE-2024-32757 | Medium | Jul 2, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    Under certain circumstances unnecessary user details are provided within system logs

  • CVE-2024-27157 | Medium | Jun 14, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27156 | Medium | Jun 14, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference…

  • CVE-2024-22440 | Medium | Apr 17, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    A potential security vulnerability has been identified in HPE Compute Scale-up Server 3200 server. This vulnerability could cause disclosure of sensitive information in log files.

  • CVE-2025-43937 | Medium | Apr 16, 2026
    risk 0.43 | cvss 6.6 | epss 0.00

    Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The…

  • CVE-2012-0814 | Medium | Jan 27, 2012
    risk 0.43 | cvss 6.5 | epss 0.04

    The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by…