Vulnerabilities (CVE)

Filtered by CWE-532
Total 766 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-40405 1 Apple 1 Macos 2024-11-21 N/A 3.3 LOW
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.
CVE-2023-40392 1 Apple 3 Ipados, Iphone Os, Macos 2024-11-21 N/A 3.3 LOW
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.
CVE-2023-40338 1 Jenkins 1 Folders 2024-11-21 N/A 4.3 MEDIUM
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.
CVE-2023-40029 1 Argoproj 1 Argo Cd 2024-11-21 N/A 9.9 CRITICAL
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: annotation for existing secrets will require manual removal.
CVE-2023-3993 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.9 MEDIUM
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint.
CVE-2023-3363 1 Gitlab 1 Gitlab 2024-11-21 N/A 3.9 LOW
An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.
CVE-2023-3350 1 Ayesa 1 Ibermatica Rps 2024-11-21 N/A 8.2 HIGH
A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text.
CVE-2023-3349 1 Ayesa 1 Ibermatica Rps 2024-11-21 N/A 8.2 HIGH
Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.
CVE-2023-3335 2 Hitachi, Linux 2 Ops Center Administrator, Linux Kernel 2024-11-21 N/A 6.5 MEDIUM
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users  to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.
CVE-2023-39447 1 F5 2 Big-ip Access Policy Manager, Big-ip Guided Configuration 2024-11-21 N/A 4.4 MEDIUM
When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-39348 1 Linuxfoundation 1 Spinnaker 2024-11-21 N/A 4.0 MEDIUM
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope.
CVE-2023-38067 1 Jetbrains 1 Teamcity 2024-11-21 N/A 4.3 MEDIUM
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
CVE-2023-38064 1 Jetbrains 1 Teamcity 2024-11-21 N/A 4.3 MEDIUM
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
CVE-2023-37224 1 Archerirm 1 Archer 2024-11-21 N/A 6.0 MEDIUM
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.
CVE-2023-36649 1 Prolion 1 Cryptospike 2024-11-21 N/A 9.1 CRITICAL
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication.
CVE-2023-36494 1 F5 1 F5os-a 2024-11-21 N/A 4.4 MEDIUM
Audit logs on F5OS-A may contain undisclosed sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-35695 1 Trendmicro 1 Mobile Security 2024-11-21 N/A 7.5 HIGH
A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product.
CVE-2023-34223 1 Jetbrains 1 Teamcity 2024-11-21 N/A 4.3 MEDIUM
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
CVE-2023-34097 1 Hoppscotch 1 Hoppscotch 2024-11-21 N/A 7.8 HIGH
hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-33001 1 Jenkins 1 Hashicorp Vault 2024-11-21 N/A 7.5 HIGH
Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.