Filtered by CWE-532
Total 864 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-38732 3 Ibm, Microsoft, Redhat 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more 2024-11-21 4.3 Medium
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.
CVE-2023-38067 1 Jetbrains 1 Teamcity 2024-11-21 4.3 Medium
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
CVE-2023-38064 1 Jetbrains 1 Teamcity 2024-11-21 4.3 Medium
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
CVE-2023-37224 1 Archerirm 1 Archer 2024-11-21 6 Medium
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.
CVE-2023-36649 1 Prolion 1 Cryptospike 2024-11-21 9.1 Critical
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication.
CVE-2023-36494 1 F5 1 F5os-a 2024-11-21 4.4 Medium
Audit logs on F5OS-A may contain undisclosed sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-33001 1 Jenkins 1 Hashicorp Vault 2024-11-21 7.5 High
Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
CVE-2023-32491 1 Dell 1 Powerscale Onefs 2024-11-21 6.3 Medium
Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.
CVE-2023-32478 1 Dell 1 Powerstoreos 2024-11-21 9 Critical
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.
CVE-2023-32468 1 Dell 1 Ecs Streamer 2024-11-21 5.8 Medium
Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data.
CVE-2023-32455 1 Dell 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more 2024-11-21 5.5 Medium
Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.
CVE-2023-32447 1 Dell 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more 2024-11-21 5.5 Medium
Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.
CVE-2023-32446 1 Dell 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more 2024-11-21 5.5 Medium
Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.
CVE-2023-32283 1 Intel 1 On Demand 2024-11-21 5.5 Medium
Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-31426 1 Broadcom 1 Fabric Operating System 2024-11-21 6.8 Medium
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.
CVE-2023-31422 1 Elastic 1 Kibana 2024-11-21 9 Critical
An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.
CVE-2023-31417 1 Elastic 1 Elasticsearch 2024-11-21 4.1 Medium
Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured.
CVE-2023-31413 1 Elastic 1 Filebeat 2024-11-21 3.3 Low
Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.
CVE-2023-31207 1 Checkmk 1 Checkmk 2024-11-21 4.4 Medium
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.
CVE-2023-31056 1 Cloverdx 1 Cloverdx 2024-11-21 9.1 Critical
CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x.