Insertion of Sensitive Information into Log File
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the process of logging error details during SQL query execution. An attacker can obtain sensitive information by intentionally causing SQL errors and subsequently accessing the log...
traQ Allows Insertion of Sensitive Information into Log File
Impact: A vulnerability exists where sensitive information, such as OAuth tokens, is recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an...
CVE-2025-57813 Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ
traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, is recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...
PT-2025-24077 · WordPress · Simple History
Name of the Vulnerable Software and Affected Versions: The Simple History plugin for WordPress versions prior to 5.8.1 Description: The issue concerns sensitive data exposure due to improper sanitization within the append debug info to context function when Detective Mode is enabled. This allows...
Insertion of Sensitive Information into Log File
Overview: org.apache.activemq:artemis-server is a server package for the ActiveMQ-Artemis project. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when the ConfigurationImpl logger is being set to debug level. An attacker can access sensitive...
Insertion of Sensitive Information into Log File
Overview: org.apache.activemq:artemis-core-client is a high-performance, non-blocking architecture for the next generation of event-driven messaging applications. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when the ConfigurationImpl logger ...
CVE-2025-27391
CVE-2025-27391 affects Apache ActiveMQ Artemis. When debug logging is enabled for the broker, the system logs all broker property values via the ConfigurationImpl logger, potentially exposing sensitive information. Affected versions are from 1.5.1 up to (but not including) 2.40.0. Impact is expos...
PT-2025-5783 · IBM · IBM Aspera Shares
Name of the Vulnerable Software and Affected Versions: IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 Description: The issue allows an attacker to spoof their IP address, which is then written to log files, due to improper verification of Client-IP headers. Recommendations: For versions 1.9....
PT-2025-5363 · JetBrains · YouTrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.55417 Description: The issue is related to the exposure of permanent tokens in logs, potentially allowing an attacker to obtain encrypted user credentials. This could be exploited through the...
PT-2024-13336 · IBM · IBM Cloud Pak for Multicloud Management
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Multicloud Management versions 2.3 through 2.3 FP8 Description: The issue concerns the storage of user credentials in log files in plain clear text, which can be accessed by a privileged user. This results in the exposure of...
PT-2024-28016 · SonarQube · SonarQube
Name of the Vulnerable Software and Affected Versions: SonarQube versions prior to 10.4; SonarQube version 9.9.4 LTA and earlier. Description: The issue concerns the potential exposure of encrypted values in cleartext as part of URL parameters in logs, such as SonarQube Access Logs and Proxy Logs...
PT-2024-12906 · IBM · IBM Watson CP4D Data Stores
Name of the Vulnerable Software and Affected Versions: IBM Watson CP4D Data Stores versions 4.0.0 through 4.8.4 Description: The issue concerns the storage of potentially sensitive information in log files by IBM Watson CP4D Data Stores, which could be accessed by a local user. Recommendations: F...
PT-2024-1642 · Splunk · Splunk Add-On Builder
Name of the Vulnerable Software and Affected Versions: Splunk Add-on Builder versions prior to 4.1.4 Description: The issue is related to improper handling of log output, allowing a remote attacker to write arbitrary information to internal log files. This can lead to the exposure of sensitive...
PT-2023-30439 · Headscale · Headscale
Name of the Vulnerable Software and Affected Versions: Headscale versions through 0.22.3 Description: The issue allows Headscale to write bearer tokens to info-level logs. Recommendations: For versions through 0.22.3, consider restricting log access to minimize the risk of exploitation. At the...
PT-2023-15696 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 and earlier; Checkmk versions 2.0.0 through 2.0.0p29; Checkmk versions 2.1.0 through 2.1.0p13. Description: A sensitive host secret is disclosed in the cmk-update-agent.log file, allowing an attacker to gain access to the...
PT-2022-3073 · Brocade · Brocade SANnav +1
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.2.0.2; Brocade SANnav versions prior to 2.1.1.8. Description: The issue is related to the storage of sensitive information in plain text. Specifically, the Brocade Fabric OS switch password is logged in plain...
PT-2021-16500 · SaltStack +3 · SaltStack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: An issue was discovered in SaltStack Salt where salt.modules.cmdmod can log credentials to the info or error log level. Recommendations: For versions prior to 3002.5, update to version 3002...
PT-2016-1701 · Google · Kubernetes
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.2.0-alpha.5 Description: The issue allows remote attackers to read arbitrary pod logs via a container name. This is related to a lack of protection for service data in the Kubernetes cluster management tool and...