Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when the ConfigurationImpl logger is being set to debug level. An attacker can access sensitive broker properties by exploiting the verbose logging configuration. Workaround This...
Apache ActiveMQ Artemis Vulnerable to Insertion of Sensitive Information into Log File
Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: fro...
GHSA-PM4J-P7PM-FPVX Apache ActiveMQ Artemis Vulnerable to Insertion of Sensitive Information into Log File
Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: fro...
CVE-2025-27391
Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: fro...
CVE-2025-27391 Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log
Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: fro...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File. An attacker with access to the log files can gain access to Apache Kafka credentials by accessing these application logs. Remediation Upgrade...
Patch Tuesday, April 2025 Edition
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware or malcontents could...
The vulnerability of the Windows Common Log File System (CLFS) driver in Windows operating systems allows a hacker to elevate their privileges to the system level.
The vulnerability of the Windows Common Log File System (CLFS) driver in Windows operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to elevate their privileges to the system level...
Patch Tuesday - April 2025
Microsoft is addressing 121 vulnerabilities this April 2025 Patch Tuesday, which is more than twice as many as last month. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, which is already reflected in CISA KEV. Once again, Microsoft has...
CVE-2025-25002
Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network...
Exploitation of CLFS zero-day leads to ransomware activity
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. The targets include organizations in...
CVE-2025-29824 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
CVE-2025-29824
CVE-2025-29824 is a Use-After-Free vulnerability in the Windows Common Log File System Driver (CLFS) kernel driver, caused by a race condition in W32PROCESS handling via WaitForInputIdle that enables local privilege escalation to SYSTEM. Microsoft patched this in April 2025 (KB5044284). Public ex...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30406 Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability; CVE-2025-29824 Microsoft Windows Common Log File...
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
Azure Local Cluster Information Disclosure Vulnerability
Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network...
PT-2025-15491 · Microsoft · Azure Local Cluster
Name of the Vulnerable Software and Affected Versions: Azure Local Cluster (affected versions not specified). Description: The issue allows an authorized attacker to disclose sensitive information over an adjacent network by inserting it into a log file in an Azure Local Cluster. This can potentiall...
Microsoft Windows Common Log File System Driver Resource Management Error Vulnerability
The Microsoft Windows Common Log File System Driver is a Microsoft Corporation Common Log File System (CLFS) API that provides a high-performance, general-purpose log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize logging and access...
VulnCheck KEV: CVE-2025-29824
Microsoft Windows Common Log File System CLFS Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...