kayx23 commented on code in PR #1971:
URL: https://github.com/apache/apisix-website/pull/1971#discussion_r2480345015


##########
blog/zh/blog/2025/10/31/cve-2025-62232.md:
##########
@@ -0,0 +1,35 @@
+---
+title: "将敏感信息插入日志文件 (CVE-2025-62232)"
+keywords:
+- Vulnerability
+description: 通过登录 basic-auth 导致敏感数据暴露,导致明文用户名和密码写入错误日志,并在日志级别为 INFO/DEBUG 
时转发到日志接收器。这会通过日志访问造成凭证泄露的高风险。
+tags: [Vulnerabilities]
+image: 
https://static.apiseven.com/uploads/2024/05/06/Wq940JRt_CVE-2024-32638.png
+---
+
+> 对于 APISIX 版本 1.0>,登录 basic-auth 会导致将明文用户名和密码写入错误日志。
+<!--truncate-->
+
+## Problem Description
+
+通过登录 basic-auth 导致敏感数据暴露,导致明文用户名和密码写入错误日志,并在日志级别为 INFO/DEBUG 
时转发到日志接收器。这会通过日志访问造成凭证泄露的高风险。
+
+## Affected Versions
+
+此问题影响 Apache APISIX 版本:1.0 及 3.14 之前的所有版本。
+
+## Solution
+
+建议用户升级到3.14版本,该版本修复了该问题。
+
+## Vulnerability details
+
+Severity: Moderate
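
Review bot: In the `description` front matter and the Problem Description paragraph, "通过登录 basic-auth" renders "logging" as 登录 (signing in), so the text reads as if signing in causes the leak rather than the plugin's log output. Wording along the lines of "basic-auth 插件的日志记录" would match the English post in this PR. The description's "高风险" also sits beside "Severity: Moderate" at the end of the hunk, so it is worth confirming that the two are meant to read together.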

Review Comment:
   not translated
   
   as well as the titles



##########
blog/en/blog/2025/10/31/cve-2025-62232.md:
##########
@@ -0,0 +1,35 @@
+---
+title: "Insertion of Sensitive Information into Log File (CVE-2025-62232)"
+keywords:
+- Vulnerability
+description: Sensitive data exposure via logging in basic-auth leads to 
plaintext usernames and passwords written to error logs and forwarded to log 
sinks when log level is INFO/DEBUG. This creates a high risk of credential 
compromise through log access.
+tags: [Vulnerabilities]
+image: 
https://static.apiseven.com/uploads/2024/05/06/Wq940JRt_CVE-2024-32638.png
+---
+
+> For APISIX versions 1.0>, logging in basic-auth leads to plaintext usernames 
and passwords written to error logs.
+<!--truncate-->
+
+## Problem Description
+
+Sensitive data exposure via logging in basic-auth leads to plaintext usernames 
and passwords written to error logs and forwarded to log sinks when log level 
is INFO/DEBUG. This creates a high risk of credential compromise through log 
access.
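
Review bot: In the Problem Description paragraph, the clause "when log level is INFO/DEBUG" can be read as applying only to the forwarding to log sinks or to the error-log write as well, and an operator needs to know which in order to judge exposure. Consider splitting the sentence so the condition is attached to each effect explicitly. The same sentence is duplicated in the `description` front matter, so both places need the change.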

Review Comment:
   ```suggestion
   Sensitive data exposure via logging in `basic-auth` leads to plaintext 
usernames and passwords written to error logs and forwarded to log sinks when 
log level is INFO/DEBUG. This creates a high risk of credential compromise 
through log access.
   ```



##########
blog/en/blog/2025/10/31/cve-2025-62232.md:
##########
@@ -0,0 +1,35 @@
+---
+title: "Insertion of Sensitive Information into Log File (CVE-2025-62232)"
+keywords:
+- Vulnerability
+description: Sensitive data exposure via logging in basic-auth leads to 
plaintext usernames and passwords written to error logs and forwarded to log 
sinks when log level is INFO/DEBUG. This creates a high risk of credential 
compromise through log access.
+tags: [Vulnerabilities]
+image: 
https://static.apiseven.com/uploads/2024/05/06/Wq940JRt_CVE-2024-32638.png
+---
+
+> For APISIX versions 1.0>, logging in basic-auth leads to plaintext usernames 
and passwords written to error logs.
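
Review bot: In the summary blockquote, "versions 1.0>" is not a standard range notation and gives no upper bound, so a reader of the excerpt cannot tell that a fixed release exists. The Affected Versions and Solution sections of the zh file in this PR bound the range at 3.14, so spelling it out here (from 1.0 up to, but not including, 3.14) would keep the excerpt consistent with the body.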

Review Comment:
   ```suggestion
   > For APISIX versions 1.0 and later, logging in basic-auth leads to 
plaintext usernames and passwords written to error logs.
   ```


