VYPR

CWE-532

Insertion of Sensitive Information into Log File

Base | Incomplete | Likelihood: Medium

Description

The product writes sensitive information to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-215

CVEs mapped to this weakness (485)

  • CVE-2026-44052 | High | May 21, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.

  • CVE-2026-44516 | High | May 14, 2026
    risk 0.42 | cvss 7.6 | epss 0.00

    Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and…

  • CVE-2026-41219 | Medium | May 13, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2026-31987 | High | Apr 16, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    JWT tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to an Airflow version that contains the fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue.

  • CVE-2025-66236 | High | Apr 13, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit…

  • CVE-2026-34487 | High | Apr 9, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13…

  • CVE-2026-4901 | Medium | Apr 9, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged, allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, this sensitive information could be accessed by…

  • CVE-2026-32982 | High | Mar 31, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError…

  • CVE-2026-1495 | Medium | Feb 10, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.

  • CVE-2025-54376 | High | Sep 10, 2025
    risk 0.42 | cvss 7.5 | epss 0.01

    Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream…

  • CVE-2025-7445 | Medium | Sep 5, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs.

  • CVE-2025-27391 | Medium | Apr 9, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache…

  • CVE-2025-25013 | Medium | Apr 8, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.

  • CVE-2025-30205 | High | Mar 24, 2025
    risk 0.42 | cvss 7.6 | epss 0.00

    kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function instrumentation in the (optional) kanidm patches provided by kanidm-provision will cause the provisioned admin credentials to be…

  • CVE-2025-24556 | High | Feb 3, 2025
    risk 0.42 | cvss 7.5 | epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle moowoodle allows Retrieve Embedded Sensitive Data. This issue affects MooWoodle: from n/a through <= 3.2.4.

  • CVE-2024-12226 | Medium | Jan 16, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied…

  • CVE-2024-36127 | High | Jun 3, 2024
    risk 0.42 | cvss 7.5 | epss 0.00

    apko is an apk-based OCI image builder. apko exposes HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5.

  • CVE-2024-32051 | Medium | Apr 24, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive information.

  • CVE-2018-0504 | Medium | Oct 4, 2018
    risk 0.42 | cvss 6.5 | epss 0.03

    Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid

  • CVE-2018-7682 | Medium | Jun 22, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.