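CWE-532 Information Exposure Through Log Files: vulnerability list (604)

Summary of 604 CVEs in the CWE-532 (Information Exposure Through Log Files) weakness class, with AI analysis in Chinese.

CWE-532 covers vulnerabilities in which sensitive information is written to log files, an information-disclosure risk. Attackers commonly read server logs or reach the location where logs are stored to steal passwords, keys, or personal data, and then use them for identity impersonation or lateral movement. Developers should avoid logging plaintext credentials, session tokens, or sensitive business data, and should apply data masking, encrypted storage, and strict log access controls so that only necessary, non-sensitive audit information is recorded, reducing the risk of data leakage.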

MITRE CWE official description
CWE: CWE-532 Insertion of Sensitive Information into Log File
Description: The product writes sensitive information to a log file.

Common consequences (1)
Confidentiality: Read Application Data
Logging sensitive user data, full path names, or system information often provides attackers with an additional, less-protected path to acquiring the information.

Mitigations (4)
Architecture and Design, Implementation: Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Distribution: Remove debug log files before deploying the application into production.
Operation: Protect log files against unauthorized read/write.
Implementation: Adjust configurations appropriately when software is transitioned from a debug state to production.

Code examples (2)
In the following code snippet, a user's full name and credit card number are written to a log file.

    logger.info("Username: " + username + ", CCN: " + ccn);

Bad · Java

This code stores location information about the current user:

    locationClient = new LocationClient(this, this, this);
    locationClient.connect();
    currentUser.setLocation(locationClient.getLastLocation());
    ...
    catch (Exception e) {
        AlertDialog.Builder builder = new AlertDialog.Builder(this);
        builder.setMessage("Sorry, this application has experienced an error.");
        AlertDialog alert = builder.create();
        alert.show();
        // Writes the user object, including the stored location, to the log
        Log.e("ExampleActivity", "Caught exception: " + e + " While on User:" + User.toString());
    }

Bad · Java
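
| CVE ID | Title | Product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2026-42282 | n8n-MCP sensitive tool-call parameter disclosure in HTTP mode | n8n-mcp | 4.3 | Medium | 2026-05-08 |
| CVE-2026-41495 | n8n-MCP sensitive log disclosure via unauthorized requests | n8n-mcp | 5.3 | Medium | 2026-05-08 |
| CVE-2026-41004 | Spring Cloud Config plaintext logging of sensitive information (multiple versions) | Spring Cloud Config | 4.4 | Medium | 2026-05-07 |
| CVE-2024-30151 | HCL BigFix Service Management access control vulnerability | BigFix Service Management (SM) | 8.3 | High | 2026-05-06 |
| CVE-2026-7824 | PaperCut Hive (Ricoh) plaintext password in logs vulnerability | PaperCut Hive | 6.5 (AI) | Medium (AI) | 2026-05-05 |
| CVE-2026-40945 | oxia log information disclosure vulnerability | oxia | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-23775 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability | PowerProtect Data Domain appliances | 7.6 | High | 2026-04-17 |
| CVE-2026-34164 | Valtimo security vulnerability | valtimo | 4.9 | Medium | 2026-04-16 |
| CVE-2025-43937 | Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 6.6 | Medium | 2026-04-16 |
| CVE-2026-31987 | Apache Airflow security vulnerability | Apache Airflow | 6.5 (AI) | Medium (AI) | 2026-04-16 |
| CVE-2026-20205 | Splunk MCP Server security vulnerability | Splunk MCP Server | 7.2 | High | 2026-04-15 |
| CVE-2026-40091 | SpiceDB security vulnerability | spicedb | 6.0 | Medium | 2026-04-14 |
| CVE-2026-0207 | Pure Storage FlashBlade security vulnerability | FlashBlade | 7.5 | - | 2026-04-14 |
| CVE-2026-32218 | Microsoft Windows Kernel log information disclosure vulnerability | Windows 10 Version 21H2 | 5.5 | Medium | 2026-04-14 |
| CVE-2026-32217 | Microsoft Windows Kernel log information disclosure vulnerability | Windows 10 Version 1607 | 5.5 | Medium | 2026-04-14 |
| CVE-2026-32215 | Microsoft Windows Kernel log information disclosure vulnerability | Windows 10 Version 1809 | 5.5 | Medium | 2026-04-14 |
| CVE-2026-2401 | Schneider Electric PowerChute Serial Shutdown log information disclosure vulnerability | PowerChute™ Serial Shutdown | 6.5 | - | 2026-04-14 |
| CVE-2025-66236 | Apache Airflow security vulnerability | Apache Airflow | 9.6 | - | 2026-04-13 |
| CVE-2026-34487 | Apache Tomcat log information disclosure vulnerability | Apache Tomcat | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-4901 | Hydrosystem Control System log information disclosure vulnerability | Control System | 5.5 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2026-28261 | Dell ObjectScale and Dell Elastic Cloud Storage log information disclosure vulnerability | Elastic Cloud Storage | 7.8 | High | 2026-04-08 |
| CVE-2026-4788 | IBM Tivoli Netcool Impact log information disclosure vulnerability | Tivoli Netcool Impact | 8.4 | High | 2026-04-08 |
| CVE-2026-27315 | Apache Cassandra security vulnerability | Apache Cassandra | 6.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2019-25683 | FileZilla log information disclosure vulnerability | FileZilla | 6.2 | Medium | 2026-04-05 |
| CVE-2026-4819 | Search Guard FLX security vulnerability | Search Guard FLX | 4.9 | Medium | 2026-03-31 |
| CVE-2026-32982 | OpenClaw log information disclosure vulnerability | OpenClaw | 7.5 | High | 2026-03-31 |
| CVE-2026-4957 | XAgent log information disclosure vulnerability | XAgent | 2.7 | Low | 2026-03-27 |
| CVE-2024-11604 | OpenText IDM Driver and Extensions log information disclosure vulnerability | IDM Driver and Extensions | 5.5 | - | 2026-03-27 |
| CVE-2025-36187 | IBM Knowledge Catalog Standard Cartridge log information disclosure vulnerability | Knowledge Catalog Standard Cartridge | 4.4 | Medium | 2026-03-25 |
| CVE-2026-32598 | OneUptime log information disclosure vulnerability | oneuptime | 8.1 | - | 2026-03-12 |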

CWE-532 (Information Exposure Through Log Files) is a common weakness category; this platform lists 604 CVEs associated with it.