CWE-779
Logging of Excessive Data
Extended description
While logging is a good practice in general, and very high levels of logging are appropriate for debugging stages of development, too much logging in a production environment might hinder a system administrator's ability to detect anomalous conditions. This can provide cover for an attacker while attempting to penetrate a system, clutter the audit trail for forensic analysis, or make it more difficult to debug problems in a production environment.
Common consequences3
- AvailabilityDoS: Resource Consumption (CPU)DoS: Resource Consumption (Other)
Log files can become so large that they consume excessive resources, such as disk and CPU, which can hinder the performance of the system.
- Non-RepudiationHide Activities
Logging too much information can make the log files of less use to forensics analysts and developers when trying to diagnose a problem or recover from an attack.
- Non-RepudiationHide Activities
If system administrators are unable to effectively process log files, attempted attacks may go undetected, possibly leading to eventual system compromise.
Potential mitigations3
- Architecture and Design
Suppress large numbers of duplicate log messages and replace them with periodic summaries. For example, syslog may include an entry that states "last message repeated X times" when recording repeated events.
- Architecture and Design
Support a maximum size for the log file that can be controlled by the administrator. If the maximum size is reached, the admin should be notified. Also, consider reducing functionality of the product. This may result in a denial-of-service to legitimate product users, but it will prevent the product from adversely impacting the entire system.
- Implementation
Adjust configurations appropriately when the product is transitioned from a debug state to production.
Relationships1
- ChildOfCWE-400
CVEs referencing this CWE22
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2024-36416 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | HIGH7.5 | 1.95%p78 | PoC | 2025-02-13 |
| CVE-2024-36072 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious request, resulting in the ability to execute system commands with root privileges. | CRITICAL9.8 | 1.01%p59 | 2026-04-15 | |
| CVE-2022-31004 | CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a "hot fix" for version 1.1.1 and for the 2.x branch. | HIGH7.5 | 0.92%p55 | 2025-04-22 | |
| CVE-2025-51397 | A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists. | MEDIUM5.4 | 0.80%p52 | PoC | 2025-08-07 |
| CVE-2024-55628 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8. | HIGH7.5 | 0.67%p47 | 2025-03-31 | |
| CVE-2023-23949 | An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. | MEDIUM5.4 | 0.56%p42 | 2025-04-02 | |
| CVE-2022-25779 | Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7. | MEDIUM4.3 | 0.51%p39 | 2024-11-21 | |
| CVE-2025-8696 | If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0. | HIGH7.5 | 0.41%p33 | 2026-04-15 | |
| CVE-2025-53651 | Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log. | MEDIUM6.3 | 0.41%p33 | 2025-11-05 | |
| CVE-2026-28718 | Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | HIGH7.5 | 0.34%p26 | 2026-03-12 | |
| CVE-2025-69230 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header. This issue is fixed in 3.13.3. | MEDIUM5.3 | 0.33%p25 | 2026-01-14 | |
| CVE-2025-53650 | Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log. | HIGH7.3 | 0.32%p24 | 2025-11-05 | |
| CVE-2025-53636 | Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6. | MEDIUM5.4 | 0.28%p19 | 2026-04-15 | |
| CVE-2021-25420 | Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | MEDIUM5.5 | 0.24%p15 | 2024-11-21 | |
| CVE-2021-25421 | Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | MEDIUM5.5 | 0.24%p15 | 2024-11-21 | |
| CVE-2021-25423 | Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. | MEDIUM5.5 | 0.24%p15 | 2024-11-21 | |
| CVE-2021-25422 | Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | MEDIUM5.5 | 0.24%p15 | 2024-11-21 | |
| CVE-2024-1141 | A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled. | MEDIUM5.5 | 0.23%p13 | 2025-11-20 | |
| CVE-2026-20210 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user. | MEDIUM5.4 | 0.19%p9 | 2026-05-15 | |
| CVE-2026-20209 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user. | MEDIUM5.4 | 0.19%p9 | 2026-05-15 | |
| CVE-2022-39874 | Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | MEDIUM5.5 | 0.18%p7 | 2024-11-21 | |
| CVE-2022-22291 | Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. | MEDIUM5.5 | 0.10%p1 | 2024-11-21 |