Vulnerabilities > Information Exposure Through Log Files
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-13 | CVE-2023-46675 | Information Exposure Through Log Files vulnerability in Elastic Kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. | 6.5 |
2023-12-12 | CVE-2023-49922 | Information Exposure Through Log Files vulnerability in Elastic Beats 8.0.0/8.9.2 An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. | 6.5 |
2023-12-12 | CVE-2023-6687 | Information Exposure Through Log Files vulnerability in Elastic Agent 8.0.0/8.9.2 An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. | 6.5 |
2023-12-12 | CVE-2023-49923 | Information Exposure Through Log Files vulnerability in Elastic Enterprise Search An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. | 6.5 |
2023-12-12 | CVE-2023-36649 | Information Exposure Through Log Files vulnerability in Prolion Cryptospike 3.0.15 Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication. | 9.1 |
2023-12-04 | CVE-2023-6460 | Information Exposure Through Log Files vulnerability in Google Cloud Firestore A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. | 5.5 |
2023-11-27 | CVE-2023-6287 | Information Exposure Through Log Files vulnerability in Tribe29 Checkmk Appliance Firmware Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files. | 5.5 |
2023-11-23 | CVE-2023-4677 | Information Exposure Through Log Files vulnerability in Artica Pandora FMS Cron log backup files contain administrator session IDs. | 9.8 |
2023-11-22 | CVE-2021-22143 | Information Exposure Through Log Files vulnerability in Elastic APM .Net Agent The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. | 4.3 |
2023-11-15 | CVE-2023-46672 | Information Exposure Through Log Files vulnerability in Elastic Logstash 7.12.1/8.10.0 An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration. | 5.5 |