Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-532
Total 493 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-36321 1 Jetbrains 1 Teamcity 2022-07-27 N/A 6.5 MEDIUM
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
CVE-2022-32556 1 Couchbase 1 Couchbase Server 2022-07-27 N/A 7.5 HIGH
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes.
CVE-2019-15507 1 Octopus 1 Server 2022-07-27 3.5 LOW 6.5 MEDIUM
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8.
CVE-2019-15508 1 Octopus 2 Server, Tentacle 2022-07-27 3.5 LOW 6.5 MEDIUM
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7.
CVE-2019-8944 1 Octopus 2 Octopus Deploy, Octopus Server 2022-07-27 4.0 MEDIUM 6.5 MEDIUM
An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.
CVE-2018-11320 1 Octopus 1 Octopus Server 2022-07-27 5.0 MEDIUM 9.8 CRITICAL
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.
CVE-2022-23141 1 Zte 2 Zxmp M721, Zxmp M721 Firmware 2022-07-22 N/A 7.5 HIGH
ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.
CVE-2021-22219 1 Gitlab 1 Gitlab 2022-07-22 4.0 MEDIUM 4.9 MEDIUM
All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.
CVE-2022-33911 1 Couchbase 1 Couchbase Server 2022-07-18 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.
CVE-2022-33693 1 Google 1 Android 2022-07-15 2.1 LOW 2.3 LOW
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
CVE-2022-33737 1 Openvpn 1 Openvpn Access Server 2022-07-14 5.0 MEDIUM 7.5 HIGH
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password
CVE-2022-27549 1 Hcltechsw 1 Hcl Launch 2022-07-14 2.1 LOW 5.5 MEDIUM
HCL Launch may store certain data for recurring activities in a plain text format.
CVE-2022-20768 1 Cisco 1 Telepresence Collaboration Endpoint 2022-07-14 3.5 LOW 4.9 MEDIUM
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials.
CVE-2021-39291 1 Netmodule 30 Nb1600, Nb1600 Firmware, Nb1601 and 27 more 2022-07-12 6.5 MEDIUM 8.8 HIGH
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.
CVE-2021-25284 3 Debian, Fedoraproject, Saltstack 3 Debian Linux, Fedora, Salt 2022-07-12 1.9 LOW 4.4 MEDIUM
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-35299 1 Zammad 1 Zammad 2022-07-12 5.0 MEDIUM 7.5 HIGH
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.
CVE-2021-39900 1 Gitlab 1 Gitlab 2022-07-12 4.0 MEDIUM 2.7 LOW
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
CVE-2021-21722 1 Zte 2 Zxv10 B860a, Zxv10 B860a Firmware 2022-07-12 2.1 LOW 4.4 MEDIUM
A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.
CVE-2021-22184 1 Gitlab 1 Gitlab 2022-07-12 2.1 LOW 5.5 MEDIUM
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.
CVE-2022-31098 1 Weave 1 Weave Gitops 2022-07-11 4.3 MEDIUM 7.5 HIGH
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if enabled by the management cluster. This vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster, and a connection error occurs. An attacker could exploit this vulnerability by either accessing logs of a pod of Weave GitOps, or from external log storage and obtaining all cluster configurations of registered clusters. A successful exploit could allow the attacker to use those cluster configurations to manage the registered Kubernetes clusters. This vulnerability has been fixed by commit 567356f471353fb5c676c77f5abc2a04631d50ca. Users should upgrade to Weave GitOps core version v0.8.1-rc.6 or newer. There is no known workaround for this vulnerability.