CWE-532
Insertion of Sensitive Information into Log File
Base, Incomplete, Likelihood: Medium
Description
The product writes sensitive information to a log file.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-215
CVEs mapped to this weakness (243)
Page 6 of 13

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | KEV |
|---|---|---|---|---|---|---|---|
| CVE-2026-44479 | Med | 0.36 | 5.5 | 0.00 | May 13, 2026 | Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, when the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included verbatim in those suggestions. The plaintext token may be captured in CI/CD logs, agent transcripts, or other automation output. This vulnerability is fixed in 52.0.1. | |
| CVE-2026-32218 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2026 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | |
| CVE-2026-32217 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2026 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | |
| CVE-2026-32215 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2026 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | |
| CVE-2026-27315 | Med | 0.36 | 5.5 | 0.00 | Apr 7, 2026 | Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh commands via ~/.cassandra/cqlsh_history local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description: Cassandra's command-line tool, cqlsh, provides a command history feature that allows users to recall previously executed commands using the up/down arrow keys. These history records are saved in the ~/.cassandra/cqlsh_history file in the user's home directory. However, cqlsh does not redact sensitive information when saving command history. This means that if a user executes operations involving passwords (such as logging in or creating users) within cqlsh, these passwords are permanently stored in cleartext in the history file on the disk. | |
| CVE-2025-68919 | Med | 0.36 | 5.6 | 0.00 | Dec 24, 2025 | Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and availability. | |
| CVE-2025-43426 | Med | 0.36 | 5.5 | 0.00 | Nov 4, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. An app may be able to access sensitive user data. | |
| CVE-2025-43354 | Med | 0.36 | 5.5 | 0.00 | Sep 15, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data. | |
| CVE-2025-43303 | Med | 0.36 | 5.5 | 0.00 | Sep 15, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data. | |
| CVE-2025-23261 | Med | 0.36 | 5.5 | 0.00 | Sep 4, 2025 | NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users. | |
| CVE-2025-23289 | Med | 0.36 | 5.5 | 0.00 | Jul 31, 2025 | NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure. | |
| CVE-2025-43225 | Med | 0.36 | 5.5 | 0.00 | Jul 30, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data. | |
| CVE-2025-31199 | Med | 0.36 | 5.5 | 0.00 | May 29, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.8.2, visionOS 2.4. An app may be able to access sensitive user data. | |
| CVE-2025-2300 | Med | 0.36 | 5.5 | 0.00 | Apr 22, 2025 | Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00. | |
| CVE-2025-0736 | Med | 0.36 | 5.5 | 0.00 | Jan 28, 2025 | A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors. | |
| CVE-2024-54519 | Med | 0.36 | 5.5 | 0.00 | Jan 27, 2025 | The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to read sensitive location information. | |
| CVE-2024-11923 | Med | 0.36 | 5.5 | 0.00 | Jan 18, 2025 | Under certain log settings, the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (formerly named Helpsystems One) prior to version 1.3. | |
| CVE-2024-44239 | Med | 0.36 | 5.5 | 0.00 | Oct 28, 2024 | An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to leak sensitive kernel state. | |
| CVE-2024-44205 | Med | 0.36 | 5.5 | 0.00 | Oct 24, 2024 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A sandboxed app may be able to access sensitive user data in system logs. | |
| CVE-2024-44166 | Med | 0.36 | 5.5 | 0.00 | Sep 17, 2024 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access user-sensitive data. |