Vulnerabilities > Information Exposure Through Log Files
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-28 | CVE-2023-46215 | Information Exposure Through Log Files vulnerability in Apache Airflow and Airflow Celery Provider Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue. | 7.5 |
| 2023-10-26 | CVE-2023-31417 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. | 4.4 |
| 2023-10-26 | CVE-2023-31422 | Information Exposure Through Log Files vulnerability in Elastic Kibana 8.10.0 An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. | 7.5 |
| 2023-10-26 | CVE-2023-46667 | Information Exposure Through Log Files vulnerability in Elastic Fleet Server 8.10.0/8.10.2 An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. | 8.1 |
| 2023-10-26 | CVE-2023-46668 | Information Exposure Through Log Files vulnerability in Elastic Endpoint 7.9.0/8.10.3 If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. | 9.1 |
| 2023-10-25 | CVE-2023-40405 | Information Exposure Through Log Files vulnerability in Apple Macos 14.0 A privacy issue was addressed with improved private data redaction for log entries. | 3.3 |
| 2023-10-25 | CVE-2023-40425 | Information Exposure Through Log Files vulnerability in Apple Macos A privacy issue was addressed with improved private data redaction for log entries. | 4.4 |
| 2023-10-25 | CVE-2023-41254 | Information Exposure Through Log Files vulnerability in Apple products A privacy issue was addressed with improved private data redaction for log entries. | 5.5 |
| 2023-10-25 | CVE-2023-42857 | Information Exposure Through Log Files vulnerability in Apple Ipados and Macos A privacy issue was addressed with improved private data redaction for log entries. | 3.3 |
| 2023-10-20 | CVE-2023-44483 | Information Exposure Through Log Files vulnerability in Apache Santuario XML Security for Java All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue. | 6.5 |