Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
laf logs leak
Vulnerability Description
Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
信息暴露
Vulnerability Title
Laf 信息泄露漏洞
Vulnerability Description
Laf是labring实验室的一个云开发平台。 Laf 1.0.0-beta.13及之前版本存在信息泄露漏洞,该漏洞源于允许经过身份验证的攻击者获取同一命名空间下的Pod日志中的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A