Java: CWE-532 sensitive info logging

## CVE ID(s)

*List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the [GitHub Advisory Database](https://github.com/advisories).*
CVE-2019-10212 (not reported by me)

There are many other examples of [this category](https://www.cvedetails.com/vulnerability-list.php?vendor_id=0&product_id=0&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=532&order=1&trc=133&sha=7aafd96afe25a46fb2e44e7eb3f74aa56c235dbb) in the CVE database.

PR: 
[Semmle/ql#3090](https://github.com/Semmle/ql/pull/3090)
[Semmle/ql#3487](https://github.com/Semmle/ql/pull/3487)

## Report

*Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.*

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Third-party logging utilities like Log4J and SLF4J are widely used in Java projects. When sensitive information are written to logs without properly set logging levels, it is accessible to potential attackers who gains access to the
file storage.


- [x] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). *We would love to have you spread the word about the good work you are doing*


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Java: CWE-532 sensitive info logging #51

CVE ID(s)

Report

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Java: CWE-532 sensitive info logging #51

Description

CVE ID(s)

Report

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions