CWE-1258 – Exposure of Sensitive System Information Due to Uncleared Debug Information | Common Weakness Enumeration（CWE）

概要

CWE-1258（Exposure of Sensitive System Information Due to Uncleared Debug Information）は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響: セキュリティ影響：製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.

適用プラットフォーム

種別	名称	クラス	普遍性	OS / CPE
language	—	Not Language-Specific	Undetermined	—
operating_system	—	Not OS-Specific	Undetermined	—
architecture	—	Not Architecture-Specific	Undetermined	—
technology	—	Not Technology-Specific	Undetermined	—

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE	公開	概要
CVE-2025-15480	2026-04-09	In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-deskt…
CVE-2025-14551	2026-04-09	In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include cer…
CVE-2026-26948	2026-03-18	Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug…
CVE-2025-26482	2025-09-25	Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, …
CVE-2025-32257	2025-04-04	Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data.This …
CVE-2024-36913	2024-05-30	In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memo…
CVE-2024-36912	2024-05-30	In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause set_memory_en…
CVE-2023-48308	2023-12-22	Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is rec…
CVE-2022-43666	2023-11-14	Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access…
CVE-2022-39292	2022-10-10	Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed…
CVE-2022-31162	2022-07-22	Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was…

旧名称

Sensitive Information Uncleared During Hardware Debug Flows (2020-08-20)

コンテンツ投稿

名称: Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi
組織: Intel Corporation
日付: 2020-02-12
バージョン: 4.1

コンテンツの変更履歴

日付	名称	バージョン	重要度	コメント
2020-08-20	CWE Content Team	4.2	—	updated Demonstrative_Examples, Description, Name, Related_Attack_Patterns, Relationships
2023-04-27	CWE Content Team	4.11	—	updated Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2023-10-26	CWE Content Team	4.13	—	updated Observed_Examples
2024-07-16	CWE Content Team	4.15	—	updated Demonstrative_Examples, References
2025-12-11	CWE Content Team	4.19	—	updated Relationships, Weakness_Ordinalities

貢献

タイプ	名称	日付	コメント
Content	Mohamadreza Rostami, Shaza Zeitouni, Ahmad-Reza Sadeghi	2023-11-07	suggested demonstrative example
Content	Rahul Kande, Chen Chen, Jeyavijayan Rajendran	2023-11-07	suggested demonstrative example