Description
HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step.
Published: 2026-06-29
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker who can read system logs to view sensitive values that were inadvertently logged during a deployment or launch step. This results in a breach of confidential information and could reveal credentials, tokens, or other secrets stored in the logs. The weakness is a classic instance of CWE-532, where sensitive information is logged without sufficient protection.

Affected Systems

The affected product is HCL DevOps Deploy / HCL Launch from HCLSoftware. No specific version details are provided, so any installation of the product that logs sensitive data during deployment may be vulnerable.

Risk and Exploitability

With a CVSS score of 4.3, the risk is moderate, and the EPSS score is not available, making exploitation probability unclear. The vulnerability is not listed in the CISA KEV catalog. An attacker must have read access to the logs, which typically requires local or elevated privileges, although remote compromise of the logging infrastructure could also provide the necessary access. Once obtained, the disclosed data could be used for privilege escalation, credential theft, or further attacks against downstream systems.

Generated by OpenCVE AI on June 29, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Configure HCL DevOps Deploy / HCL Launch to exclude sensitive values from log output, for example by enabling secret masking or by removing sensitive fields from log templates.
  • Restrict log file permissions so that only required service accounts and administrators can read them.
  • Apply available vendor patches or configuration updates that address the logging issue once released.

Generated by OpenCVE AI on June 29, 2026 at 14:36 UTC.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Hcltech; Hcltech devops Deploy
Vendors & Products | | Hcltech; Hcltech devops Deploy

Mon, 29 Jun 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 13:30:00 +0000

Type | Values Removed | Values Added
Description | | HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step.
Title | | HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information
Weaknesses | | CWE-532
References | |
Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-06-29T13:58:43.773Z

Reserved: 2026-06-22T13:38:32.649Z

Link: CVE-2026-56457

Vulnrichment

Updated: 2026-06-29T13:58:39.923Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T20:05:22Z

Weaknesses
  • CWE-532: Insertion of Sensitive Information into Log File