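CWE-532 Information Exposure Through Log Files: vulnerability list (622)

A summary of 622 CVE vulnerabilities in the CWE-532 (Information Exposure Through Log Files) weakness class, with AI-generated analysis in Chinese.

CWE-532 covers vulnerabilities in which sensitive information is written to log files; it is an information-disclosure risk. Attackers commonly read server logs or access the locations where logs are stored to steal passwords, keys, or personal data, and then use them for identity impersonation or lateral movement. Developers should avoid logging plaintext credentials, session tokens, or sensitive business data, and should apply data masking, encrypted storage, and strict access control to logs, so that only necessary, non-sensitive audit information is recorded and the risk of data leakage is reduced.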

MITRE CWE official description
CWE: CWE-532 Insertion of Sensitive Information into Log File
Description (English): The product writes sensitive information to a log file.
Common consequences (1)
Confidentiality: Read Application Data
Logging sensitive user data, full path names, or system information often provides attackers with an additional, less-protected path to acquiring the information.
Mitigations (4)
Architecture and Design, Implementation: Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Distribution: Remove debug log files before deploying the application into production.
Operation: Protect log files against unauthorized read/write.
Implementation: Adjust configurations appropriately when software is transitioned from a debug state to production.
Code examples (2)
In the following code snippet, a user's full name and credit card number are written to a log file.

    logger.info("Username: " + username + ", CCN: " + ccn);

Bad · Java
This code stores location information about the current user:

    locationClient = new LocationClient(this, this, this);
    locationClient.connect();
    currentUser.setLocation(locationClient.getLastLocation());
    ...
    catch (Exception e) {
        AlertDialog.Builder builder = new AlertDialog.Builder(this);
        builder.setMessage("Sorry, this application has experienced an error.");
        AlertDialog alert = builder.create();
        alert.show();
        // The user object, including the stored location, is written to the log.
        Log.e("ExampleActivity", "Caught exception: " + e + " While on User:" + User.toString());
    }

Bad · Java
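
A hardened counterpart to the first snippet above, added here as an illustration (it is not MITRE's code or this site's): log an opaque user id and a masked card number, and scrub free-form text such as exception messages before it is logged. The class name, helper names, the key list in the regex and the sample values are assumptions made for the example.

```java
import java.util.logging.Logger;
import java.util.regex.Pattern;

/** Added example: masks secrets before they reach the log (CWE-532 mitigation). */
public class RedactedLogging {
    private static final Logger logger = Logger.getLogger(RedactedLogging.class.getName());

    // 13-19 digits, optionally separated by single spaces or dashes (card-number shaped).
    private static final Pattern CARD_LIKE = Pattern.compile("\\b\\d(?:[ -]?\\d){12,18}\\b");
    // key=value pairs whose key suggests a credential; the key list is an assumption.
    private static final Pattern SECRET_KV = Pattern.compile(
        "(?i)\\b(password|passwd|token|secret|api[_-]?key)(\\s*[=:]\\s*)\\S+");

    /** Keep only the last four digits so support staff can still match a card. */
    static String maskCard(String ccn) {
        String digits = ccn == null ? "" : ccn.replaceAll("\\D", "");
        if (digits.length() < 13) return "[invalid-card]";
        return "****" + digits.substring(digits.length() - 4);
    }

    /** Last line of defence for free-form text such as exception messages. */
    static String scrub(String message) {
        if (message == null) return "";
        String out = CARD_LIKE.matcher(message).replaceAll("[REDACTED-CARD]");
        return SECRET_KV.matcher(out).replaceAll("$1$2[REDACTED]");
    }

    public static void main(String[] args) {
        // Constructed sample values (4111... is a well-known test card number).
        String userId = "u-1042";
        String ccn = "4111 1111 1111 1111";

        // Bad (from the snippet above): logger.info("Username: " + username + ", CCN: " + ccn);
        // Better: log an opaque identifier and a masked card number.
        logger.info("User: " + userId + ", card: " + maskCard(ccn));

        // Exceptions can carry secrets in their message; scrub before logging.
        Exception e = new IllegalStateException(
            "charge failed for 4111-1111-1111-1111 with token=abc123");
        logger.warning("Caught exception: " + scrub(e.getMessage()));
    }
}
```

Pattern-based scrubbing only catches what the patterns anticipate, so it complements, rather than replaces, not passing the secret to the logger in the first place.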
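| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-40619 | Local privilege escalation vulnerability in some versions of Security Center — Genetec Security Center | 7.8 | High | 2026-06-02 |
| CVE-2026-49200 | Acer Wave 7 router security vulnerability — Wave 7 router | - | - | 2026-05-29 |
| CVE-2026-6720 | Tigera Calico security vulnerability — Calico | - | - | 2026-05-28 |
| CVE-2026-41185 | Tigera Calico security vulnerability — Calico | - | - | 2026-05-28 |
| CVE-2026-41184 | Tigera Calico security vulnerability — Calico | - | - | 2026-05-28 |
| CVE-2026-32996 | Veeam Agent for Microsoft Windows security vulnerability — Backup and Replication | - | - | 2026-05-28 |
| CVE-2026-2607 | IBM MQ Operator and IBM supplied MQ Advanced container images log information disclosure vulnerability — MQ Operator | 5.1 | Medium | 2026-05-27 |
| CVE-2025-13755 | IBM Db2 log information disclosure vulnerability — Db2 | 5.5 | Medium | 2026-05-26 |
| CVE-2026-25193 | Gallagher Command Centre Service security vulnerability — Command Centre Server | 8.1 | High | 2026-05-25 |
| CVE-2021-21508 | Dell VxRail log information disclosure vulnerability — VxRail | 6.7 | Medium | 2026-05-22 |
| CVE-2026-8671 | Avantra security vulnerability — Avantra | 7.5 | High | 2026-05-22 |
| CVE-2026-44052 | Netatalk log information disclosure vulnerability — Netatalk | 7.5 | High | 2026-05-21 |
| CVE-2026-20239 | Splunk Cloud Platform and Splunk Enterprise log information disclosure vulnerability — Splunk Enterprise | 7.5 | High | 2026-05-20 |
| CVE-2026-44516 | Valtimo log information disclosure vulnerability — valtimo | 7.6 | High | 2026-05-14 |
| CVE-2026-41219 | F5 BIG-IP log information disclosure vulnerability — BIG-IP | 6.5 | Medium | 2026-05-13 |
| CVE-2026-8200 | MongoDB Server log information disclosure vulnerability — MongoDB Server | 2.7 | Low | 2026-05-13 |
| CVE-2026-41018 | Apache Airflow log information disclosure vulnerability — Apache Airflow Providers Elasticsearch | - | - | 2026-05-11 |
| CVE-2026-43826 | Apache Airflow log information disclosure vulnerability — Apache Airflow Providers OpenSearch | - | - | 2026-05-11 |
| CVE-2026-42282 | n8n-MCP log information disclosure vulnerability — n8n-mcp | 4.3 | Medium | 2026-05-08 |
| CVE-2026-41495 | n8n-MCP log information disclosure vulnerability — n8n-mcp | 5.3 | Medium | 2026-05-08 |
| CVE-2026-41004 | VMware Spring Cloud Config log information disclosure vulnerability — Spring Cloud Config | 4.4 | Medium | 2026-05-07 |
| CVE-2024-30151 | HCL BigFix Service Management log information disclosure vulnerability — BigFix Service Management (SM) | 8.3 | High | 2026-05-06 |
| CVE-2026-7824 | PaperCut Hive log information disclosure vulnerability — PaperCut Hive | 6.5 | - | 2026-05-05 |
| CVE-2026-40945 | oxia log information disclosure vulnerability — oxia | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-23775 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain appliances | 7.6 | High | 2026-04-17 |
| CVE-2026-34164 | Valtimo security vulnerability — valtimo | 4.9 | Medium | 2026-04-16 |
| CVE-2025-43937 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 6.6 | Medium | 2026-04-16 |
| CVE-2026-31987 | Apache Airflow security vulnerability — Apache Airflow | 6.5 (AI) | Medium (AI) | 2026-04-16 |
| CVE-2026-20205 | Splunk MCP Server security vulnerability — Splunk MCP Server | 7.2 | High | 2026-04-15 |
| CVE-2026-40091 | SpiceDB security vulnerability — spicedb | 6.0 | Medium | 2026-04-14 |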

CWE-532 (Information Exposure Through Log Files) is a common weakness category; this platform lists 622 CVE vulnerabilities associated with it.