Vulnerabilities > Information Exposure Through Log Files

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-36649 Information Exposure Through Log Files vulnerability in Prolion Cryptospike 3.0.15
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication.
network
low complexity
prolion CWE-532
critical
9.1
2023-12-04 CVE-2023-6460 Information Exposure Through Log Files vulnerability in Google Cloud Firestore
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access.
local
low complexity
google CWE-532
5.5
2023-11-27 CVE-2023-6287 Information Exposure Through Log Files vulnerability in Tribe29 Checkmk Appliance Firmware
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.
local
low complexity
tribe29 CWE-532
5.5
2023-11-24 CVE-2023-48708 Information Exposure Through Log Files vulnerability in Codeigniter Shield 1.0.0
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4.
network
low complexity
codeigniter CWE-532
6.5
2023-11-23 CVE-2023-4677 Information Exposure Through Log Files vulnerability in Artica Pandora FMS
Cron log backup files contain administrator session IDs.
network
low complexity
artica CWE-532
critical
9.8
2023-11-22 CVE-2023-25682 Information Exposure Through Log Files vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user.
local
low complexity
ibm CWE-532
5.5
2023-11-22 CVE-2021-22143 Information Exposure Through Log Files vulnerability in Elastic APM .Net Agent
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error.
network
low complexity
elastic CWE-532
4.3
2023-11-15 CVE-2023-46672 Information Exposure Through Log Files vulnerability in Elastic Logstash 7.12.1/8.10.0
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.
local
low complexity
elastic CWE-532
5.5
2023-11-14 CVE-2022-46647 Information Exposure Through Log Files vulnerability in Intel Unison Software
Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel CWE-532
5.5
2023-11-14 CVE-2023-32283 Information Exposure Through Log Files vulnerability in Intel on Demand 1.16.1.1/2.1.0.1/3.0.1.3
Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel CWE-532
5.5