Apache APISIX: basic-auth logs plaintext credentials at info level

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit:  https://github.com/apache/apisix/pull/12629 Users are recommended to upgrade to version 3.14, which fixes this issue.

N/A

通过日志文件的信息暴露

Apache Apisix 安全漏洞

Apache Apisix是美国阿帕奇（Apache）基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现，具备动态路由和插件热加载，适合微服务体系下的 API 管理。 Apache Apisix存在安全漏洞，该漏洞源于basic-auth日志记录敏感数据，可能导致明文用户名和密码写入错误日志并转发到日志接收器，存在凭据泄露风险。

N/A

N/A