Przykłady dla CWE-532: Information Exposure Through Log Files - CXSecurity.com

	Tytuł	Data	Autor
Low	Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure	22.12.2017	CORE

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2022-05-09

Low

CVE-2022-28161

Vendor: Brocade
Software: Sannav

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.

2022-05-05

Low	CVE-2022-27636	Vendor: F5 Software: Big-ip acces...	On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Low	CVE-2022-28859	Vendor: F5 Software: Big-ip acces...	On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

2022-04-27

Medium	CVE-2021-38939	Updating...	IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.
Low	CVE-2022-29810	Vendor: Hashicorp Software: Go-getter	The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.

2022-04-11

Low

CVE-2022-1157

Vendor: Gitlab
Software: Gitlab

Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged

2022-04-06

Medium

CVE-2021-45103

Vendor: WISC
Software: Htcondor

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.

2022-04-04

Medium

CVE-2022-27442

Vendor: Tpcms project
Software: Tpcms

TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.

2022-03-31

Medium

CVE-2022-24758

Vendor: Jupyter
Software: Notebook

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds.

2022-03-30

Low

CVE-2021-39739

Vendor: Google
Software: Android

In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184525194

Copyright 2022, cxsecurity.com