CVE-2021-22133

CVSS v3 Score: 2.4 (Low)
CVSS v2 Score: 2.7 (Low)

Vulnerability Description

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details of an application panic. Normally, the APM agent sanitizes sensitive HTTP header details before sending the information to the APM server. During an application panic, however, the headers may not be sanitized before being sent.

CVSS:2.4(Low)

In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local informati...

CVSS:2.4(Low)

Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to b...

CVSS:2.5(Low)

cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).

CVSS:2.3(Low)

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could rec...

CVSS:2.3(Low)

It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.

CVSS:2.3(Low)

In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled b...