User-supplied data such as scripts, control characters, escape sequences, or code fragments may be written to audit logs without proper encoding or sanitization. This can result in malformed or unexpected log entries that could disrupt or compromise systems that process or display these logs, including log viewers or downstream services.
Management / Auditlog / Threats / DEV
Insufficient encoding of audit logs
CCC.AUDITLOG.TH04
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.AuditLog.CP03 | Sink | Ability to continually stream audit log data to a hosted storage bucket or data lake solution. |
| CCC.AuditLog.CP08 | External Sink | Audit log events can be configured to be sent to a external SIEM or data analysis provider outside of the cloud platform. |
| CCC.Core.CP03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. |
| CCC.Core.CP10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| OWASPTOP10 | A03:2021 | |
| OWASPTOP10 | A09:2021 | |
| CWE | CWE-79 | |
| CWE | CWE-117 | |
| CWE | CWE-116 |