Title: Java: CWE-532 sensitive info logging · Issue #51 · github/securitylab · GitHub
Open Graph Title: Java: CWE-532 sensitive info logging · Issue #51 · github/securitylab
X Title: Java: CWE-532 sensitive info logging · Issue #51 · github/securitylab
Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVE-2019-10212 (not reported by me) There are many other examples of this category in the CVE databa...
Open Graph Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVE-2019-10212 (not reported by me) There are many other exa...
X Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVE-2019-10212 (not reported by me) There are many other exa...
Opengraph URL: https://github.com/github/securitylab/issues/51
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Java: CWE-532 sensitive info logging","articleBody":"## CVE ID(s)\r\n\r\n*List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the [GitHub Advisory Database](https://github.com/advisories).*\r\nCVE-2019-10212 (not reported by me)\r\n\r\nThere are many other examples of [this category](https://www.cvedetails.com/vulnerability-list.php?vendor_id=0\u0026product_id=0\u0026version_id=0\u0026page=1\u0026hasexp=0\u0026opdos=0\u0026opec=0\u0026opov=0\u0026opcsrf=0\u0026opgpriv=0\u0026opsqli=0\u0026opxss=0\u0026opdirt=0\u0026opmemc=0\u0026ophttprs=0\u0026opbyp=0\u0026opfileinc=0\u0026opginf=0\u0026cvssscoremin=0\u0026cvssscoremax=0\u0026year=0\u0026month=0\u0026cweid=532\u0026order=1\u0026trc=133\u0026sha=7aafd96afe25a46fb2e44e7eb3f74aa56c235dbb) in the CVE database.\r\n\r\nPR: \r\n[Semmle/ql#3090](https://github.com/Semmle/ql/pull/3090)\r\n[Semmle/ql#3487](https://github.com/Semmle/ql/pull/3487)\r\n\r\n## Report\r\n\r\n*Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.*\r\n\r\nInformation written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Third-party logging utilities like Log4J and SLF4J are widely used in Java projects. When sensitive information are written to logs without properly set logging levels, it is accessible to potential attackers who gains access to the\r\nfile storage.\r\n\r\n\r\n- [x] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). *We would love to have you spread the word about the good work you are doing*\r\n","author":{"url":"https://github.com/luchua-bc","@type":"Person","name":"luchua-bc"},"datePublished":"2020-03-18T23:54:13.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":18},"url":"https://github.com/51/securitylab/issues/51"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:c3e2cd67-f03b-01b7-307f-193b0d5e0e5e |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | B7CE:327B79:3132E7D:45DD086:6A4D0C15 |
| html-safe-nonce | 3f884410d3ed35f767a4ddfc4a29344d45d9390349056202ab101061d8c2be3e |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCN0NFOjMyN0I3OTozMTMyRTdEOjQ1REQwODY6NkE0RDBDMTUiLCJ2aXNpdG9yX2lkIjoiODkxMTIzNjg4ODEyOTI0NDE4MSIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | f23a2c4cc0a93d4164e37477cc371e3739840274dc39d1fb34cc83f308e007f4 |
| hovercard-subject-tag | issue:584070738 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/github/securitylab/51/issue_layout |
| twitter:image | https://opengraph.githubassets.com/c722c48448f79cc4ad0ceb5a8418b69dbe70c70b03b3a2fbd5e418edf7ad2989/github/securitylab/issues/51 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/c722c48448f79cc4ad0ceb5a8418b69dbe70c70b03b3a2fbd5e418edf7ad2989/github/securitylab/issues/51 |
| og:image:alt | CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVE-2019-10212 (not reported by me) There are many other exa... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | luchua-bc |
| hostname | github.com |
| expected-hostname | github.com |
| None | bcb4661e6fb4fe8b394c51ea02ccdb2236d40dc59afc75a3bbba50bf6517134c |
| turbo-cache-control | no-preview |
| go-import | github.com/github/securitylab git https://github.com/github/securitylab.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 221101274 |
| octolytics-dimension-repository_nwo | github/securitylab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 221101274 |
| octolytics-dimension-repository_network_root_nwo | github/securitylab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | fb70bd3c4b2bec429781b65419e912c66e2d5581 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width