Vulnerabilities > Information Exposure Through Log Files

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-46675 Information Exposure Through Log Files vulnerability in Elastic Kibana
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana.
network
low complexity
elastic CWE-532
6.5
2023-12-12 CVE-2023-49922 Information Exposure Through Log Files vulnerability in Elastic Beats 8.0.0/8.9.2
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429.
network
low complexity
elastic CWE-532
6.5
2023-12-12 CVE-2023-6687 Information Exposure Through Log Files vulnerability in Elastic Agent 8.0.0/8.9.2
An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429.
network
low complexity
elastic CWE-532
6.5
2023-12-12 CVE-2023-49923 Information Exposure Through Log Files vulnerability in Elastic Enterprise Search
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level.
network
low complexity
elastic CWE-532
6.5
2023-12-12 CVE-2023-36649 Information Exposure Through Log Files vulnerability in Prolion Cryptospike 3.0.15
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication.
network
low complexity
prolion CWE-532
critical
9.1
2023-12-04 CVE-2023-6460 Information Exposure Through Log Files vulnerability in Google Cloud Firestore
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access.
local
low complexity
google CWE-532
5.5
2023-11-27 CVE-2023-6287 Information Exposure Through Log Files vulnerability in Tribe29 Checkmk Appliance Firmware
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.
local
low complexity
tribe29 CWE-532
5.5
2023-11-23 CVE-2023-4677 Information Exposure Through Log Files vulnerability in Artica Pandora FMS
Cron log backup files contain administrator session IDs.
network
low complexity
artica CWE-532
critical
9.8
2023-11-22 CVE-2021-22143 Information Exposure Through Log Files vulnerability in Elastic APM .Net Agent
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error.
network
low complexity
elastic CWE-532
4.3
2023-11-15 CVE-2023-46672 Information Exposure Through Log Files vulnerability in Elastic Logstash 7.12.1/8.10.0
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.
local
low complexity
elastic CWE-532
5.5