Tigera Calico security vulnerability
Tigera Calico is an open-source network security solution developed by the American company Tigera, designed for container, virtual machine, and host workload scenarios. Tigera Calico has a security vulnerability that arises from printing the complete connection configuration structure when calle...
Insertion of Sensitive Information into Log File
Overview: github.com/authzed/spicedb/pkg/cmd/server is a Google Zanzibar-inspired fine-grained permissions database. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the configuration log output during startup when the log level is set to info...
AWS VDP: Encryption context keys and values logged at INFO level
Component: cmd/server/main.go:101-106 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary The server startup code logs all encryption context key-value pairs at INFO level. Encryption context is metadata associated with KMS operations...
CVE-2026-32598
The CVE concerns OneUptime. Before version 10.0.24, the password reset flow logged the full password reset URL, including the plaintext token, at INFO level by default in production. This allowed anyone with access to application logs (e.g., log aggregation, Docker logs, Kubernetes pod logs) to i...
CVE-2026-32598 OneUptime: Password Reset Token Logged at INFO Level
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log...
RustFS Logs Sensitive Credentials in Plaintext
Summary: RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive...
CVE-2026-24762
CVE-2026-24762 affects RustFS up to alpha.81, where the server logs sensitive credential material (access key, secret key, session token) at INFO level, causing plaintext credentials in logs accessible to log consumers and potentially leading to credential compromise. Root cause: logging of STS cr...
BIT-APISIX-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...
EUVD-2025-37317
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...
CVE-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...
CVE-2025-62232
Apache APISIX is affected by a logging-related data exposure (CVE-2025-62232) where basic-auth credentials are written in plaintext to error logs and forwarded to log sinks when the log level is INFO/DEBUG. The issue is caused by logging sensitive data during normal operation, creating a high ris...
EUVD-2023-3054
Malicious code in bioql PyPI...
GO-2025-3718 Contrast workload secrets leak to logs on INFO level in github.com/edgelesssys/contrast
Contrast workload secrets leak to logs on INFO level in github.com/edgelesssys/contrast...
CVE-2023-47390
Headscale through 0.22.3 writes bearer tokens to info-level logs...
CVE-2024-37283
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs...
Sensitive Information Disclosure
github.com/goreleaser/goreleaser is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the change in log output level from DEBUG to INFO, which could allow an attacker with access to the build logs to view sensitive environment information when the go build output is...
goreleaser shows environment by default
Summary Since 4787 the log output is printed on the INFO level, while previously it was logged on DEBUG. This means if the go build output is non-empty, goreleaser leaks the environment. PoC Create a Go project with dependencies, do not pull them yet or run goreleaser later in a container, or...
GHSA-F6MM-5FC7-3G3C goreleaser shows environment by default
Summary Since 4787 the log output is printed on the INFO level, while previously it was logged on DEBUG. This means if the go build output is non-empty, goreleaser leaks the environment. PoC Create a Go project with dependencies, do not pull them yet or run goreleaser later in a container, or...
CVE-2023-49923
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released...
Insertion Of Sensitive Information Into Log File
github.com/juanfont/headscale is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is due to the HTTP API writing the whole bearer token to info-level logs...