CWE-532
Insertion of Sensitive Information into Log File
Description
The product writes sensitive information to a log file.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-215
CVEs mapped to this weakness (485)
Page 8 of 25

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24651 | | Med | 0.38 | 5.9 | 0.00 | | Apr 17, 2025 | Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Retrieve Embedded Sensitive Data. This issue affects WordPress Backup & Migration: from n/a through <= 1.5.3. |
| CVE-2017-2592 | — | Med | 0.38 | 5.9 | 0.00 | | May 8, 2018 | python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from… |
| CVE-2017-6139 | | Med | 0.38 | 5.9 | 0.02 | | Dec 21, 2017 | In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk. |
| CVE-2017-0380 | | Med | 0.38 | 5.9 | 0.02 | | Sep 18, 2017 | The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by… |
| CVE-2025-46313 | | Med | 0.36 | 5.5 | 0.00 | | Jun 11, 2026 | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. |
| CVE-2026-9751 | | Med | 0.36 | 5.5 | 0.00 | | Jun 9, 2026 | The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text. |
| CVE-2026-9735 | — | Med | 0.36 | 5.5 | 0.00 | | Jun 9, 2026 | MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction. |
| CVE-2026-5515 | | Med | 0.36 | 5.5 | 0.00 | | May 27, 2026 | IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. |
| CVE-2025-13755 | | Med | 0.36 | 5.5 | 0.00 | | May 26, 2026 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user. |
| CVE-2026-44479 | | Med | 0.36 | 5.5 | 0.00 | | May 13, 2026 | Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, when the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested… |
| CVE-2026-32218 | | Med | 0.36 | 5.5 | 0.00 | | Apr 14, 2026 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. |
| CVE-2026-32217 | | Med | 0.36 | 5.5 | 0.00 | | Apr 14, 2026 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. |
| CVE-2026-32215 | | Med | 0.36 | 5.5 | 0.00 | | Apr 14, 2026 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. |
| CVE-2026-27315 | | Med | 0.36 | 5.5 | 0.00 | | Apr 7, 2026 | Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via ~/.cassandra/cqlsh_history local file access. Users are recommended to upgrade to version 4.0.20, which fixes this… |
| CVE-2025-68919 | | Med | 0.36 | 5.6 | 0.00 | | Dec 24, 2025 | Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality,… |
| CVE-2025-43426 | | Med | 0.36 | 5.5 | 0.00 | | Nov 4, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. An app may be able to access sensitive user data. |
| CVE-2025-43354 | | Med | 0.36 | 5.5 | 0.00 | | Sep 15, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data. |
| CVE-2025-43303 | | Med | 0.36 | 5.5 | 0.00 | | Sep 15, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data. |
| CVE-2025-23261 | | Med | 0.36 | 5.5 | 0.00 | | Sep 4, 2025 | NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users. |
| CVE-2025-23289 | | Med | 0.36 | 5.5 | 0.00 | | Jul 31, 2025 | NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure. |