CWE-532
Insertion of Sensitive Information into Log File
Base · Incomplete · Likelihood: Medium
Description
The product writes sensitive information to a log file.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-215
CVEs mapped to this weakness (243)
Page 9 of 13

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-33922 | Med | 0.34 | 5.3 | 0.00 | May 2, 2024 | Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner. This issue affects WP Media Cleaner: from n/a through 6.7.2. |
| CVE-2024-32788 | Med | 0.34 | 5.3 | 0.00 | Apr 24, 2024 | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress. This issue affects FG Joomla to WordPress: from n/a through 4.20.2. |
| CVE-2024-32686 | Med | 0.34 | 5.3 | 0.00 | Apr 18, 2024 | Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration. This issue affects Backup Migration: from n/a through 1.4.3. |
| CVE-2024-32513 | Med | 0.34 | 5.3 | 0.00 | Apr 17, 2024 | Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce. This issue affects Product Feed PRO for WooCommerce: from n/a through 13.3.1. |
| CVE-2024-31353 | Med | 0.34 | 5.3 | 0.00 | Apr 10, 2024 | Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. |
| CVE-2024-30523 | Med | 0.34 | 5.3 | 0.00 | Mar 31, 2024 | Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Mailchimp Add On pmpro-mailchimp. This issue affects Paid Memberships Pro – Mailchimp Add On: from n/a through 2.3.4. |
| CVE-2024-30514 | Med | 0.34 | 5.3 | 0.00 | Mar 29, 2024 | Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On. This issue affects Paid Memberships Pro – Payfast Gateway Add On: from n/a through 1.4.1. |
| CVE-2024-30511 | Med | 0.34 | 5.3 | 0.00 | Mar 29, 2024 | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce. This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1. |
| CVE-2024-25923 | Med | 0.34 | 5.3 | 0.00 | Mar 28, 2024 | Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.2.7.0. |
| CVE-2024-22138 | Med | 0.34 | 5.3 | 0.00 | Mar 28, 2024 | Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator. This issue affects Seraphinite Accelerator: from n/a through 2.20.47. |
| CVE-2023-52146 | Med | 0.34 | 5.3 | 0.00 | Jan 5, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution. This issue affects 404 Solution: from n/a through 2.33.0. |
| CVE-2026-2401 | Med | 0.33 | 5.0 | 0.00 | Apr 14, 2026 | CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker. |
| CVE-2026-0936 | Med | 0.33 | 5.0 | 0.00 | Jan 29, 2026 | An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is disabled by default and must be explicitly enabled by the user. |
| CVE-2025-53649 | Med | 0.33 | 5.1 | 0.00 | Jul 29, 2025 | "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs. |
| CVE-2025-2327 | Med | 0.33 | — | 0.00 | Jun 16, 2025 | A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured. |
| CVE-2025-49009 | Med | 0.33 | 6.2 | 0.00 | Jun 5, 2025 | Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue. |
| CVE-2025-48955 | Med | 0.33 | 6.2 | 0.00 | Jun 2, 2025 | Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue. |
| CVE-2022-35202 | Med | 0.33 | 5.1 | 0.00 | Feb 11, 2025 | A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain (non-default) scenarios, to gain access to the private keys used for signing SAML Authn requests. The underlying issue is a Java keystore that may become accessible and downloadable via WebDAV. This keystore is protected with a low-complexity, auto-generated password. |
| CVE-2026-4819 | Med | 0.32 | 4.9 | 0.00 | Mar 31, 2026 | In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana. |
| CVE-2025-0071 | Med | 0.32 | 4.9 | 0.00 | Mar 11, 2025 | SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability. |