目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CWE-359 侵犯隐私 类漏洞列表 130

CWE-359 侵犯隐私 类弱点 130 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-359 指软件未能有效防止未授权主体访问个人私密信息,属于隐私泄露类漏洞。攻击者常利用身份验证缺陷、权限配置错误或接口逻辑漏洞,非法获取敏感数据。开发者应实施严格的访问控制策略,确保仅授权用户可访问数据,同时遵循最小权限原则,并对敏感信息进行加密存储与传输,从而杜绝非授权访问风险。

MITRE CWE 官方描述
CWE:CWE-359 向未授权主体暴露私人个人信息 英文:产品未能有效防止某人的私人、个人信息被以下主体访问:(1) 未明确获得访问该信息授权的人员;或 (2) 未获得信息所涉人员默示同意的人员。
常见影响 (1)
ConfidentialityRead Application Data
缓解措施 (3)
RequirementsIdentify and consult all relevant regulations for personal privacy. An organization may be required to comply with certain federal and state regulations, depending on its location, the type of business it conducts, and the nature of any private data it handles. Regulations may include Safe Harbor Privacy Framework [REF-340], Gramm-Leach Bliley Act (GLBA) [REF-341], Health Insurance Portability a…
Architecture and DesignCarefully evaluate how secure design may interfere with privacy, and vice versa. Security and privacy concerns often seem to compete with each other. From a security perspective, all important operations should be recorded so that any anomalous activity can later be identified. However, when private data is involved, this practice can in fact create risk. Although there are many ways in which pri…
Implementation, OperationSome tools can automatically analyze documents to redact, strip, or "sanitize" private information, although some human review might be necessary. Tools may vary in terms of which document formats can be processed. When calling an external program to automatically generate or convert documents, invoke the program with any available options that avoid generating sensitive metada…
代码示例 (2)
The following code contains a logging statement that tracks the contents of records added to a database by storing them in a log file. Among other values that are stored, the getPassword() function returns the user-supplied plaintext password associated with the account.
pass = GetPassword(); ... dbmsLog.WriteLine(id + ":" + pass + ":" + type + ":" + tstamp);
Bad · C#
This code uses location to determine the user's current US State location.
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
Bad · XML
locationClient = new LocationClient(this, this, this); locationClient.connect(); Location userCurrLocation; userCurrLocation = locationClient.getLastLocation(); deriveStateFromCoords(userCurrLocation);
Bad · Java
CVE ID标题CVSS风险等级Published
CVE-2025-62362 Burgerportaal 安全漏洞 — GPP-burgerportaal 4.3AIMediumAI2025-10-13
CVE-2025-5009 Google Gemini iOS 安全漏洞 — Gemini 5.7AIMediumAI2025-10-08
CVE-2025-59843 Flag Forge 安全漏洞 — flagForge 5.3 -2025-09-26
CVE-2025-41685 SMA Solar Technology AG ennexos.sunnyportal.com 安全漏洞 — ennexos.sunnyportal.com 6.5 Medium2025-08-19
CVE-2025-53765 Microsoft Azure Stack 安全漏洞 — Azure Stack Hub 4.4 Medium2025-08-12
CVE-2025-54125 XWiki Platform 安全漏洞 — xwiki-platform 8.1AIHighAI2025-08-05
CVE-2025-54124 XWiki Platform 安全漏洞 — xwiki-platform 6.5AIMediumAI2025-08-05
CVE-2025-53625 DynamicPageList3 安全漏洞 — DynamicPageList3 5.3AIMediumAI2025-07-10
CVE-2025-53374 Dokploy 安全漏洞 — dokploy 4.3AIMediumAI2025-07-07
CVE-2025-6017 Red Hat Advanced Cluster Management 安全漏洞 5.5 Medium2025-07-02
CVE-2025-49715 Microsoft Dynamics 365 FastTrack Implementation 安全漏洞 — Dynamics 365 FastTrack Implementation 7.5 High2025-06-20
CVE-2025-49134 Weblate 安全漏洞 — weblate 5.3AIMediumAI2025-06-16
CVE-2025-5334 Devolutions Remote Desktop Manager 安全漏洞 — Remote Desktop Manager 6.5AIMediumAI2025-05-29
CVE-2024-13953 ABB多款产品 安全漏洞 — ASPECT-Enterprise 4.9 Medium2025-05-22
CVE-2025-0679 GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞 — GitLab 4.3 Medium2025-05-22
CVE-2023-45721 HCL Leap 安全漏洞 — HCL Domino Leap 5.3 Medium2025-04-30
CVE-2023-45720 HCL Leap 安全漏洞 — HCL Leap 5.3 Medium2025-04-24
CVE-2024-42325 Zabbix 安全漏洞 — Zabbix 7.5AIHighAI2025-04-02
CVE-2024-10267 SuperAGI 安全漏洞 — transformeroptimus/superagi 7.5 -2025-03-20
CVE-2024-13228 WordPress plugin Qubely 安全漏洞 — Qubely – Advanced Gutenberg Blocks 4.3 Medium2025-03-11
CVE-2025-20060 Dario Health 安全漏洞 — USB-C Blood Glucose Monitoring System Starter Kit Android Applications 7.5 High2025-02-28
CVE-2024-13217 WordPress plugin Jeg Elementor Kit 安全漏洞 — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress 4.3 Medium2025-02-27
CVE-2025-20615 Qardio ARM A100 安全漏洞 — Heart Health IOS Mobile Application 6.2 Medium2025-02-13
CVE-2024-12041 WordPress plugin Directorist 安全漏洞 — Directorist: AI-Powered Business Directory, Listings & Classified Ads 5.3 Medium2025-02-01
CVE-2024-13216 WordPress plugin HT Event – WordPress Event Manager Plugin for Elementor 安全漏洞 — HT Event – WordPress Event Manager Plugin for Elementor 4.3 Medium2025-01-31
CVE-2025-0683 Contec Health CMS8000 Patient Monitor 安全漏洞 — CMS8000 Patient Monitor 5.9 Medium2025-01-30
CVE-2025-24355 Updatecli 安全漏洞 — updatecli 6.5 -2025-01-24
CVE-2024-13215 WordPress plugin Elementor Addon Elements 安全漏洞 — Addon Elements for Elementor (formerly Elementor Addon Elements) 4.3 Medium2025-01-15
CVE-2024-11396 WordPress plugin Event Monster 安全漏洞 — Event Monster – Manager & Ticket Booking 5.3 Medium2025-01-13
CVE-2024-41780 IBM Jazz Foundation 安全漏洞 — Jazz Foundation 4.2 Medium2025-01-03

CWE-359(侵犯隐私) 是常见的弱点类别,本平台收录该类弱点关联的 130 条 CVE 漏洞。