VYPR

CWE-779

Logging of Excessive Data

Base · Draft · Likelihood: Low

Description

The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

While logging is a good practice in general, and very high levels of logging are appropriate for debugging stages of development, too much logging in a production environment might hinder a system administrator's ability to detect anomalous conditions. This can provide cover for an attacker while attempting to penetrate a system, clutter the audit trail for forensic analysis, or make it more difficult to debug problems in a production environment.
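One way to keep a flood of repeated records from burying the audit trail, as an added example that is not from the original page or from any product listed on it: a Python `logging` filter that passes a small burst per message template and then records only how many were dropped. The class name `BurstLimitFilter`, the thresholds, the logger name and the sample message are assumptions made for illustration.

```python
import logging
import time


class BurstLimitFilter(logging.Filter):
    """Pass at most `burst` records per (logger, level, template) in each
    `window` seconds and report how many were dropped once the window rolls."""

    def __init__(self, burst=5, window=60.0, max_keys=1024, clock=time.monotonic):
        super().__init__()
        self.burst, self.window = burst, window
        self.max_keys, self.clock = max_keys, clock
        self._state = {}  # key -> [window_start, records_seen]

    def filter(self, record):
        # Key on the unformatted template: arguments may be attacker-chosen
        # and must not earn a fresh budget per request.
        key = (record.name, record.levelno, str(record.msg))
        now = self.clock()
        state = self._state.get(key)
        if state is None or now - state[0] >= self.window:
            dropped = max(0, state[1] - self.burst) if state else 0
            if len(self._state) >= self.max_keys:
                self._state.clear()  # bound the filter's own memory
            self._state[key] = state = [now, 0]
            if dropped:  # keep the volume visible in the audit trail
                record.msg = f"[{dropped} similar records suppressed] {record.msg}"
        state[1] += 1
        return state[1] <= self.burst


def demo():
    """Constructed input: 1000 identical warnings, then one after the window."""
    fake_now, captured = [0.0], []

    class ListHandler(logging.Handler):
        def emit(self, record):
            captured.append(record.getMessage())

    handler = ListHandler()
    handler.addFilter(BurstLimitFilter(burst=5, window=60.0, clock=lambda: fake_now[0]))
    log = logging.getLogger("cwe779.demo")  # hypothetical logger name
    log.setLevel(logging.WARNING)
    log.propagate = False
    log.handlers = [handler]
    for i in range(1000):
        log.warning("invalid cookie %r", f"bad{i}")  # constructed message
    fake_now[0] = 61.0
    log.warning("invalid cookie %r", "later")
    return captured
```

The suppression count is written into the next record that passes, so the volume of the burst stays in the log for later analysis without the burst itself filling the disk.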

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (9)

  • CVE-2024-36072 · Critical · Jun 27, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious…

  • CVE-2025-8696 · High · Sep 10, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0.

  • CVE-2026-20210 · Medium · May 14, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because…

  • CVE-2026-20209 · Medium · May 14, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability…

  • CVE-2025-53636 · Medium · Jul 11, 2025
    risk 0.28 · cvss 5.4 · epss 0.00

    Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and…

  • CVE-2025-69230 · Jan 5, 2026
    risk 0.00 · cvss · epss 0.00

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of…

  • CVE-2025-53651 · Jul 9, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log.

  • CVE-2025-53650 · Jul 9, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.

  • CVE-2024-1141 · Feb 1, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.