6 vulnerabilities found for laf by laf
FKIE_CVE-2023-50253
Vulnerability from fkie_nvd - Published: 2024-01-03 17:15 - Updated: 2024-11-21 08:36
Severity
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Laf is a cloud development platform. By design, Laf's logging feature communicates directly with Kubernetes (k8s) to retrieve container logs quickly, without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify that the requesting user is permitted to access the requested pod, which allows any authenticated user to read the logs of any pod in the same namespace and thereby obtain sensitive information printed in those logs. As of time of publication, no known patched versions exist.
References
| Source | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/labring/laf/pull/1468 | Third Party Advisory | |
| security-advisories@github.com | https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/labring/laf/pull/1468 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| laf | laf | 0.1.5 | |
| laf | laf | 0.4.0 | |
| laf | laf | 0.4.1 | |
| laf | laf | 0.4.2 | |
| laf | laf | 0.4.3 | |
| laf | laf | 0.4.4 | |
| laf | laf | 0.4.5 | |
| laf | laf | 0.4.6 | |
| laf | laf | 0.4.7 | |
| laf | laf | 0.4.8 | |
| laf | laf | 0.4.9 | |
| laf | laf | 0.4.10 | |
| laf | laf | 0.4.11 | |
| laf | laf | 0.4.12 | |
| laf | laf | 0.4.13 | |
| laf | laf | 0.4.14 | |
| laf | laf | 0.4.15 | |
| laf | laf | 0.4.16 | |
| laf | laf | 0.4.17 | |
| laf | laf | 0.4.18 | |
| laf | laf | 0.4.19 | |
| laf | laf | 0.4.20 | |
| laf | laf | 0.4.21 | |
| laf | laf | 0.5.0 | |
| laf | laf | 0.5.0 | |
| laf | laf | 0.5.0 | |
| laf | laf | 0.5.0 | |
| laf | laf | 0.5.0 | |
| laf | laf | 0.5.1 | |
| laf | laf | 0.5.1 | |
| laf | laf | 0.5.2 | |
| laf | laf | 0.5.2 | |
| laf | laf | 0.5.3 | |
| laf | laf | 0.5.4 | |
| laf | laf | 0.5.4 | |
| laf | laf | 0.5.5 | |
| laf | laf | 0.5.5 | |
| laf | laf | 0.5.6 | |
| laf | laf | 0.5.7 | |
| laf | laf | 0.5.7 | |
| laf | laf | 0.5.8 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.1 | |
| laf | laf | 0.6.2 | |
| laf | laf | 0.6.3 | |
| laf | laf | 0.6.4 | |
| laf | laf | 0.6.5 | |
| laf | laf | 0.6.6 | |
| laf | laf | 0.6.7 | |
| laf | laf | 0.6.8 | |
| laf | laf | 0.6.9 | |
| laf | laf | 0.6.10 | |
| laf | laf | 0.6.11 | |
| laf | laf | 0.6.12 | |
| laf | laf | 0.6.13 | |
| laf | laf | 0.6.14 | |
| laf | laf | 0.6.15 | |
| laf | laf | 0.6.16 | |
| laf | laf | 0.6.17 | |
| laf | laf | 0.6.18 | |
| laf | laf | 0.6.19 | |
| laf | laf | 0.6.20 | |
| laf | laf | 0.6.21 | |
| laf | laf | 0.6.22 | |
| laf | laf | 0.6.23 | |
| laf | laf | 0.7.0 | |
| laf | laf | 0.7.1 | |
| laf | laf | 0.7.2 | |
| laf | laf | 0.7.3 | |
| laf | laf | 0.7.4 | |
| laf | laf | 0.7.5 | |
| laf | laf | 0.7.6 | |
| laf | laf | 0.7.7 | |
| laf | laf | 0.7.8 | |
| laf | laf | 0.7.9 | |
| laf | laf | 0.7.10 | |
| laf | laf | 0.7.11 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.1 | |
| laf | laf | 0.8.2 | |
| laf | laf | 0.8.3 | |
| laf | laf | 0.8.4 | |
| laf | laf | 0.8.5 | |
| laf | laf | 0.8.5 | |
| laf | laf | 0.8.6 | |
| laf | laf | 0.8.7 | |
| laf | laf | 0.8.7 | |
| laf | laf | 0.8.7 | |
| laf | laf | 0.8.7 | |
| laf | laf | 0.8.7 | |
| laf | laf | 0.8.8 | |
| laf | laf | 0.8.9 | |
| laf | laf | 0.8.10 | |
| laf | laf | 0.8.11 | |
| laf | laf | 0.8.12 | |
| laf | laf | 0.8.13 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laf:laf:0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC5D2AE-45C3-4A97-AB5C-79430E245993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "383C7C56-2620-432F-BC6B-5770A16C0DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6890672-2C19-4FFD-A4E5-91A9D2F5EBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86D1F7BF-ACE2-4454-B205-A72F9F499865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2542658-E744-4583-BEBF-B68389889EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77888A79-314C-4D77-AA0A-E48C28CD21F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "086FBA72-49FB-4B42-907A-72C0A11FFAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2DAD050A-570B-4B4F-99F1-CF6C60CF3DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D97FBB36-7233-491D-936B-CCA87223B11F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4C95FE9A-AC1C-4F8C-85D6-4260B36ED91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF185E0-FC92-46CA-BDE7-1A1D5D68FE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "30434067-B21E-42C9-8BAD-0D0E32113C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3D5C67-9E5C-443F-8A5D-7B8967000425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A78310C1-FDEA-487D-82EA-5A8976E68320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD29745-0EAF-4B8F-86B2-1F5972452770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4450518B-FF3E-4DD4-9143-14D1658BC165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0051E3-8376-4751-B168-573A52FCE3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A75E1B-2E71-4326-92B6-EE62819B38A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "85A1BD03-3350-44BB-BCD4-64385F16FE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "AF13954A-D95E-41D5-919E-EFDF88C0F4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "52410271-BCAF-4D7E-8440-058489A1E09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "79D196DC-3EE9-4D83-AAFC-753985C61930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.21:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "5A33F89F-0B9C-421D-BBD1-A1CD4F50B745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "8FDC6F83-024F-4C40-83E0-D8AFB3FE4ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "AC4F2C4E-0E2E-4304-93E8-5CC21BC48404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "D1EB8667-8C0F-4B89-AAB8-AFC4E11BFF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "30A2F027-A4DB-40FE-95D4-B0D25F192492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "D48E2B3F-BB57-4FFD-89E9-3EB9677B6C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5C82022C-C019-4F89-8969-C2A593F54BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.1:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "8EA45AE9-5C0E-4FC8-BEB2-17A0DC934BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A9A51882-1741-408B-BD11-6E6B573F9F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.2:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "B937B516-7D9D-4732-9FD1-2FAA68D52740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C922573F-BA99-4356-A7A9-F3891E7A0A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.4:-:*:*:*:*:*:*",
"matchCriteriaId": "9F93AD7E-4AF3-4A87-A907-E23ABEEF162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.4:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "D289795B-548C-47A1-AC1B-1E1CA2E42A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "D86C813A-F2E7-497D-9A40-00E7011E5CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.5:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "C60431E8-D778-4AEA-9B12-0F3E39054D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1732C7-5668-49F7-A7E6-C480FEAED816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.7:-:*:*:*:*:*:*",
"matchCriteriaId": "5478B773-5286-4275-B75F-29FC6686402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.7:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "5E044B08-C93D-41E3-AFE4-9BD402A49460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.8:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "E05E2E80-3D2C-4BE6-A386-AAFCCBD29A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "75F09F04-C6B9-4813-8F60-5F05B281EDEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "7A633309-101F-4258-BE95-A2574EDDEFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "9B1241A2-80E5-44EE-A3ED-C02122242C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha10:*:*:*:*:*:*",
"matchCriteriaId": "95F069C8-0C80-4235-AEEF-960E3330EB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "52FEE0DA-92F1-4606-A58D-BED0D36B8AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "BB41F9FC-F8D8-4638-BE14-EEC43F41A1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "935AAAC9-A40C-4243-8F9E-7AF56CB6F2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "B836FBB8-75FC-4316-90DD-68A7A408EEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "4F11CE31-7424-4D77-AFC4-1DA391F5C0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "FE3789CC-41B0-4D83-9803-0F5705160673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "F3E72000-0739-4014-8641-22CEF982E4CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "5C9B50C2-BAC7-462E-8EA9-913CF8A5F430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E676779-C2BE-44D0-8D06-0CEDAA99A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6197A337-D1E9-4838-97ED-C9ADBA8A12F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1FCB88-335F-472F-8BA0-C8F55F7F70C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66F1F1A6-AF57-424C-B976-8A0D5A487568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E85F11-49B5-495D-BF0E-F7E4546A98BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA83054-2A3C-4E6F-8A04-78E49F45CDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "973DC598-5F25-42B8-83A5-C67287F87A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EBF4FD-A026-4EDF-A561-262F1FF861AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "423247D0-A799-4556-99AC-2227EB9C826F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CF41DCC0-3031-45D5-A38D-D3C1327BA52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "90D5B30F-3F4A-4636-8A36-8026137A46B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1D689BE6-579A-44F5-B956-890E7BAD70DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "73A02E2F-059C-4E8E-99B1-F76676186D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "29E15048-627D-4CF5-91FB-64FA5036BA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "CB936119-382C-4358-A682-AB75A34C2DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD04A17-0762-4B90-9B39-DAFE847D0A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E60DB9B7-AEB4-4FB0-921B-AF9B9260BD8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5E74F2BB-CFE2-4BE6-9E53-621A8D3BA78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0C16B372-BA60-4F4D-9B2A-17D96DCCE2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8257EAB6-C10C-4C27-868B-4B7DE5B80734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2438AD-AB62-45F6-8D6F-DBBA6A64FA86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C54FCE8A-86DE-4770-AA06-4E27DBAD84F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "2C8664FA-15B2-4516-A4A0-2F922F961815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9880FDA7-F0EE-4947-BD2A-17DE0A250BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B19DEF92-5910-4942-8D35-B87D35163A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E309DC-DDFB-4349-9F83-684302A79E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78624851-5C61-4EE4-B401-46EF49369BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF79CEC-D34A-4BD5-BEA3-32674A4BC0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAADB98-9EDF-40E1-BF6E-15BE5236C1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1ADB832-1E9F-4B48-AAFA-CBE5CAA3C46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEBCBDC-D9CD-4147-9716-B744339BD1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A694A3E7-4AE0-468F-9B20-D8595123191D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4C49567C-907D-48DD-8290-3CC928401AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FB74C264-BD90-4B51-BB9E-7C5BBADEEBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FEBECAD0-C9EC-4DE5-927C-A0DB702F2FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E2CFA164-92C3-482E-94D2-051789C174CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "08DFED82-998B-4946-94FD-9616FC185B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "151CAEAB-6D0C-452D-858A-7092AE8EDA39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha10:*:*:*:*:*:*",
"matchCriteriaId": "EB93BC7C-1DC4-4B18-AE91-498DF34C26E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha11:*:*:*:*:*:*",
"matchCriteriaId": "B9F0CB28-B01B-4951-81F4-7D0431090AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "8614B3F7-460E-46BC-AFB6-6FE0EF511A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "701BAF33-1FD2-4185-9676-D6C1D96AB83A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "E5A25B77-A0B5-4547-B07F-F30F980B5E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "22DD423C-73C8-42EC-9737-6513BA28C4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "70012861-A1E1-4F88-B299-B7C023768BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "8BB0537B-A5C5-4EDB-B3E6-D354D1A05904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "BC4EEEA5-81B0-4F95-B423-91A6BA5A5337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "8682C08D-D63F-4061-BFB4-5CE2A4C3D7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B662C74-56F3-4A07-9FEF-C0AA7343FDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D38DC671-5460-4B83-8827-2B34527D13E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC147EDB-59DB-4350-850E-B7E9ABF28E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23B3B7E4-1B2D-4592-9F88-D2A8FC725051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.5:-:*:*:*:*:*:*",
"matchCriteriaId": "25AF57B0-7EAC-4D84-BE8B-C6208D7B3D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.5:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "F12AFDE1-CCFD-49D6-A821-8053F79BCD7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D57ACD-51E3-4140-8C1A-C183CB8DB5EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6CD79762-5AB9-436F-A14C-936C224C08C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "75A482E7-2512-4844-8C7C-5696DDD65720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "9ED8003F-B0DD-43C1-B0D2-63CD1A43EC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "9208895A-0F02-49E4-8B01-D0962D285DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "8BA93B6B-4E7F-4B44-B78C-DC35573377E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D21EF321-5D3C-4143-ACAA-A8C334F30430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "82EF5E61-99AC-4274-B5B7-77F9A349B79F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1490C4A2-E9EB-45AB-9838-3188BD643458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F60862FB-0D1A-4924-AE87-23CCBC8F5859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "27444410-B533-446C-8CF8-E3CABE154BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3519A657-2DEB-41BE-9643-D69242509C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "B1764706-9BB1-4D71-B30B-FAE1D316EDA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "9634E59F-6E59-4E40-8D15-C07E266D10AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "D8C6EE4C-C95B-4F31-AC7D-1C4D01CBA05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "2B7D144B-6E01-45DC-A56E-D764E7ECC42E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "078745FE-C0D3-493C-8A86-2CA0858E0725",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "0A811BDA-BBF6-4AF0-9CEE-DAD5A82DB037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "00EB0B8E-3C5B-48EE-A2F9-4955BCD26E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "1AAFA313-8207-4B25-AEC9-1248047F0E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "2332C03F-DDA8-4BB1-BAF2-9EF4BDBFAD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "1493BEDA-DEE8-43DB-A158-1CBBDC6A22BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "63DFCB3B-210D-4D79-A3CD-651864203AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "017F976F-48D2-4CBB-BDEB-9C2C4855D0E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F6804F77-96BB-4A9F-AEED-F7FCFA4E9CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "514EEA63-19EF-4B30-8CC9-EBB9C6D6A9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "06B75B74-DE29-4BC1-B306-D249B9777997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "AF190F7D-606D-4514-A97E-3959C426D96D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "261D68C2-2D75-42EB-BD53-794C86494AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "1A1CB913-8A5A-42AE-B0D8-A1D428872103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "B6C443B8-2883-473A-B66F-C90F212E7AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "52D11C49-3F12-4569-951A-8FA151C79259",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist."
},
{
"lang": "es",
"value": "Laf es una plataforma de desarrollo en la nube. En el dise\u00f1o de la versi\u00f3n Laf, el registro utiliza la comunicaci\u00f3n con k8s para recuperar r\u00e1pidamente los registros del contenedor sin necesidad de almacenamiento adicional. Sin embargo, en la versi\u00f3n 1.0.0-beta.13 y anteriores, esta interfaz no verifica los permisos del pod, lo que permite a los usuarios autenticados obtener cualquier registro del pod bajo el mismo espacio de nombres a trav\u00e9s de este m\u00e9todo, obteniendo as\u00ed informaci\u00f3n confidencial impresa en los registros. Al momento de la publicaci\u00f3n, no existen versiones parcheadas conocidas."
}
],
"id": "CVE-2023-50253",
"lastModified": "2024-11-21T08:36:45.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-03T17:15:11.387",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/labring/laf/pull/1468"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/labring/laf/pull/1468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-48225
Vulnerability from fkie_nvd - Published: 2023-12-12 21:15 - Updated: 2024-11-21 08:31
Severity
8.9 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, Laf does not control the app `env` setting strictly enough, and in certain privately deployed (self-hosted) environments this may leak sensitive information held in Kubernetes Secrets and ConfigMaps. In ES6 syntax, if an object directly references another object, the name of the referenced object is used as the key and its entire structure is included intact. When constructing the app's deployment instance, `env` is read from the database and inserted directly into the template, so its contents are user-controllable. Sensitive information in Secrets and ConfigMaps can then be read through the k8s `envFrom` field. In a privately deployed environment, when `namespaceConf.fixed` is set, this may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| laf | laf | 0.1.5 | |
| laf | laf | 0.4.0 | |
| laf | laf | 0.4.1 | |
| laf | laf | 0.4.2 | |
| laf | laf | 0.4.3 | |
| laf | laf | 0.4.4 | |
| laf | laf | 0.4.5 | |
| laf | laf | 0.4.6 | |
| laf | laf | 0.4.7 | |
| laf | laf | 0.4.8 | |
| laf | laf | 0.4.9 | |
| laf | laf | 0.4.10 | |
| laf | laf | 0.4.11 | |
| laf | laf | 0.4.12 | |
| laf | laf | 0.4.13 | |
| laf | laf | 0.4.14 | |
| laf | laf | 0.4.15 | |
| laf | laf | 0.4.16 | |
| laf | laf | 0.4.17 | |
| laf | laf | 0.4.18 | |
| laf | laf | 0.4.19 | |
| laf | laf | 0.4.20 | |
| laf | laf | 0.4.21 | |
| laf | laf | 0.5.0 | |
| laf | laf | 0.5.0 | |
| laf | laf | 0.5.0 | |
| laf | laf | 0.5.0 | |
| laf | laf | 0.5.0 | |
| laf | laf | 0.5.1 | |
| laf | laf | 0.5.1 | |
| laf | laf | 0.5.2 | |
| laf | laf | 0.5.2 | |
| laf | laf | 0.5.3 | |
| laf | laf | 0.5.4 | |
| laf | laf | 0.5.4 | |
| laf | laf | 0.5.5 | |
| laf | laf | 0.5.5 | |
| laf | laf | 0.5.6 | |
| laf | laf | 0.5.7 | |
| laf | laf | 0.5.7 | |
| laf | laf | 0.5.8 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.0 | |
| laf | laf | 0.6.1 | |
| laf | laf | 0.6.2 | |
| laf | laf | 0.6.3 | |
| laf | laf | 0.6.4 | |
| laf | laf | 0.6.5 | |
| laf | laf | 0.6.6 | |
| laf | laf | 0.6.7 | |
| laf | laf | 0.6.8 | |
| laf | laf | 0.6.9 | |
| laf | laf | 0.6.10 | |
| laf | laf | 0.6.11 | |
| laf | laf | 0.6.12 | |
| laf | laf | 0.6.13 | |
| laf | laf | 0.6.14 | |
| laf | laf | 0.6.15 | |
| laf | laf | 0.6.16 | |
| laf | laf | 0.6.17 | |
| laf | laf | 0.6.18 | |
| laf | laf | 0.6.19 | |
| laf | laf | 0.6.20 | |
| laf | laf | 0.6.21 | |
| laf | laf | 0.6.22 | |
| laf | laf | 0.6.23 | |
| laf | laf | 0.7.0 | |
| laf | laf | 0.7.1 | |
| laf | laf | 0.7.2 | |
| laf | laf | 0.7.3 | |
| laf | laf | 0.7.4 | |
| laf | laf | 0.7.5 | |
| laf | laf | 0.7.6 | |
| laf | laf | 0.7.7 | |
| laf | laf | 0.7.8 | |
| laf | laf | 0.7.9 | |
| laf | laf | 0.7.10 | |
| laf | laf | 0.7.11 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.0 | |
| laf | laf | 0.8.1 | |
| laf | laf | 0.8.2 | |
| laf | laf | 0.8.3 | |
| laf | laf | 0.8.4 | |
| laf | laf | 0.8.5 | |
| laf | laf | 0.8.5 | |
| laf | laf | 0.8.6 | |
| laf | laf | 0.8.7 | |
| laf | laf | 0.8.7 | |
| laf | laf | 0.8.7 | |
| laf | laf | 0.8.7 | |
| laf | laf | 0.8.7 | |
| laf | laf | 0.8.8 | |
| laf | laf | 0.8.9 | |
| laf | laf | 0.8.10 | |
| laf | laf | 0.8.11 | |
| laf | laf | 0.8.12 | |
| laf | laf | 0.8.13 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 | |
| laf | laf | 1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laf:laf:0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC5D2AE-45C3-4A97-AB5C-79430E245993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "383C7C56-2620-432F-BC6B-5770A16C0DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6890672-2C19-4FFD-A4E5-91A9D2F5EBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86D1F7BF-ACE2-4454-B205-A72F9F499865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2542658-E744-4583-BEBF-B68389889EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77888A79-314C-4D77-AA0A-E48C28CD21F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "086FBA72-49FB-4B42-907A-72C0A11FFAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2DAD050A-570B-4B4F-99F1-CF6C60CF3DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D97FBB36-7233-491D-936B-CCA87223B11F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4C95FE9A-AC1C-4F8C-85D6-4260B36ED91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF185E0-FC92-46CA-BDE7-1A1D5D68FE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "30434067-B21E-42C9-8BAD-0D0E32113C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3D5C67-9E5C-443F-8A5D-7B8967000425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A78310C1-FDEA-487D-82EA-5A8976E68320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD29745-0EAF-4B8F-86B2-1F5972452770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4450518B-FF3E-4DD4-9143-14D1658BC165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0051E3-8376-4751-B168-573A52FCE3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A75E1B-2E71-4326-92B6-EE62819B38A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "85A1BD03-3350-44BB-BCD4-64385F16FE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "AF13954A-D95E-41D5-919E-EFDF88C0F4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "52410271-BCAF-4D7E-8440-058489A1E09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "79D196DC-3EE9-4D83-AAFC-753985C61930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.21:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "5A33F89F-0B9C-421D-BBD1-A1CD4F50B745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B12D130-69C1-4133-9379-715F0AFD56DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "AC4F2C4E-0E2E-4304-93E8-5CC21BC48404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "D1EB8667-8C0F-4B89-AAB8-AFC4E11BFF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "30A2F027-A4DB-40FE-95D4-B0D25F192492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "D48E2B3F-BB57-4FFD-89E9-3EB9677B6C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C9B5CB3-37B8-4F29-8159-103811F61ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.1:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "8EA45AE9-5C0E-4FC8-BEB2-17A0DC934BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACC132E-79A3-441E-8A46-B2022329A6F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.2:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "B937B516-7D9D-4732-9FD1-2FAA68D52740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C922573F-BA99-4356-A7A9-F3891E7A0A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D94853-0FBE-4CE5-9F44-A647724F6CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.4:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "D289795B-548C-47A1-AC1B-1E1CA2E42A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CCF2B5-972A-43A5-9707-50D7E328516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.5:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "C60431E8-D778-4AEA-9B12-0F3E39054D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1732C7-5668-49F7-A7E6-C480FEAED816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E23AF7-DB5E-4A7C-9CA5-EEBA2CEAD6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.7:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "5E044B08-C93D-41E3-AFE4-9BD402A49460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.8:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "E05E2E80-3D2C-4BE6-A386-AAFCCBD29A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBD9D88-2E0B-47FF-9A66-8C72C96D016C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "7A633309-101F-4258-BE95-A2574EDDEFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "9B1241A2-80E5-44EE-A3ED-C02122242C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha10:*:*:*:*:*:*",
"matchCriteriaId": "95F069C8-0C80-4235-AEEF-960E3330EB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "52FEE0DA-92F1-4606-A58D-BED0D36B8AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "BB41F9FC-F8D8-4638-BE14-EEC43F41A1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "935AAAC9-A40C-4243-8F9E-7AF56CB6F2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "B836FBB8-75FC-4316-90DD-68A7A408EEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "4F11CE31-7424-4D77-AFC4-1DA391F5C0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "FE3789CC-41B0-4D83-9803-0F5705160673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "F3E72000-0739-4014-8641-22CEF982E4CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "5C9B50C2-BAC7-462E-8EA9-913CF8A5F430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E676779-C2BE-44D0-8D06-0CEDAA99A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6197A337-D1E9-4838-97ED-C9ADBA8A12F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1FCB88-335F-472F-8BA0-C8F55F7F70C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66F1F1A6-AF57-424C-B976-8A0D5A487568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E85F11-49B5-495D-BF0E-F7E4546A98BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA83054-2A3C-4E6F-8A04-78E49F45CDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "973DC598-5F25-42B8-83A5-C67287F87A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EBF4FD-A026-4EDF-A561-262F1FF861AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "423247D0-A799-4556-99AC-2227EB9C826F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CF41DCC0-3031-45D5-A38D-D3C1327BA52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "90D5B30F-3F4A-4636-8A36-8026137A46B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1D689BE6-579A-44F5-B956-890E7BAD70DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "73A02E2F-059C-4E8E-99B1-F76676186D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "29E15048-627D-4CF5-91FB-64FA5036BA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "CB936119-382C-4358-A682-AB75A34C2DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD04A17-0762-4B90-9B39-DAFE847D0A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E60DB9B7-AEB4-4FB0-921B-AF9B9260BD8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5E74F2BB-CFE2-4BE6-9E53-621A8D3BA78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0C16B372-BA60-4F4D-9B2A-17D96DCCE2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8257EAB6-C10C-4C27-868B-4B7DE5B80734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2438AD-AB62-45F6-8D6F-DBBA6A64FA86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C54FCE8A-86DE-4770-AA06-4E27DBAD84F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "2C8664FA-15B2-4516-A4A0-2F922F961815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9880FDA7-F0EE-4947-BD2A-17DE0A250BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B19DEF92-5910-4942-8D35-B87D35163A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E309DC-DDFB-4349-9F83-684302A79E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78624851-5C61-4EE4-B401-46EF49369BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF79CEC-D34A-4BD5-BEA3-32674A4BC0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAADB98-9EDF-40E1-BF6E-15BE5236C1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1ADB832-1E9F-4B48-AAFA-CBE5CAA3C46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEBCBDC-D9CD-4147-9716-B744339BD1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A694A3E7-4AE0-468F-9B20-D8595123191D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4C49567C-907D-48DD-8290-3CC928401AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FB74C264-BD90-4B51-BB9E-7C5BBADEEBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FEBECAD0-C9EC-4DE5-927C-A0DB702F2FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CB965C-2F16-4298-8E07-2DE2D1D3528F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "08DFED82-998B-4946-94FD-9616FC185B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "151CAEAB-6D0C-452D-858A-7092AE8EDA39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha10:*:*:*:*:*:*",
"matchCriteriaId": "EB93BC7C-1DC4-4B18-AE91-498DF34C26E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha11:*:*:*:*:*:*",
"matchCriteriaId": "B9F0CB28-B01B-4951-81F4-7D0431090AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "8614B3F7-460E-46BC-AFB6-6FE0EF511A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "701BAF33-1FD2-4185-9676-D6C1D96AB83A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "E5A25B77-A0B5-4547-B07F-F30F980B5E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "22DD423C-73C8-42EC-9737-6513BA28C4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "70012861-A1E1-4F88-B299-B7C023768BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "8BB0537B-A5C5-4EDB-B3E6-D354D1A05904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "BC4EEEA5-81B0-4F95-B423-91A6BA5A5337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "8682C08D-D63F-4061-BFB4-5CE2A4C3D7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B662C74-56F3-4A07-9FEF-C0AA7343FDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D38DC671-5460-4B83-8827-2B34527D13E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC147EDB-59DB-4350-850E-B7E9ABF28E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23B3B7E4-1B2D-4592-9F88-D2A8FC725051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCF699B-2394-4ECE-9BBF-A740FF942976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.5:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "F12AFDE1-CCFD-49D6-A821-8053F79BCD7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D57ACD-51E3-4140-8C1A-C183CB8DB5EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BFA988-05C2-4A3D-B507-648739A27A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "75A482E7-2512-4844-8C7C-5696DDD65720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "9ED8003F-B0DD-43C1-B0D2-63CD1A43EC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "9208895A-0F02-49E4-8B01-D0962D285DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "8BA93B6B-4E7F-4B44-B78C-DC35573377E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D21EF321-5D3C-4143-ACAA-A8C334F30430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "82EF5E61-99AC-4274-B5B7-77F9A349B79F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1490C4A2-E9EB-45AB-9838-3188BD643458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F60862FB-0D1A-4924-AE87-23CCBC8F5859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "27444410-B533-446C-8CF8-E3CABE154BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3519A657-2DEB-41BE-9643-D69242509C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "B1764706-9BB1-4D71-B30B-FAE1D316EDA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "9634E59F-6E59-4E40-8D15-C07E266D10AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "D8C6EE4C-C95B-4F31-AC7D-1C4D01CBA05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "2B7D144B-6E01-45DC-A56E-D764E7ECC42E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "078745FE-C0D3-493C-8A86-2CA0858E0725",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "0A811BDA-BBF6-4AF0-9CEE-DAD5A82DB037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "00EB0B8E-3C5B-48EE-A2F9-4955BCD26E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "1AAFA313-8207-4B25-AEC9-1248047F0E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "2332C03F-DDA8-4BB1-BAF2-9EF4BDBFAD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "1493BEDA-DEE8-43DB-A158-1CBBDC6A22BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "63DFCB3B-210D-4D79-A3CD-651864203AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "017F976F-48D2-4CBB-BDEB-9C2C4855D0E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "A529B7EA-CF43-4D68-9415-F1A6C5E0B485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F6804F77-96BB-4A9F-AEED-F7FCFA4E9CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "514EEA63-19EF-4B30-8CC9-EBB9C6D6A9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "06B75B74-DE29-4BC1-B306-D249B9777997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "AF190F7D-606D-4514-A97E-3959C426D96D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "261D68C2-2D75-42EB-BD53-794C86494AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "1A1CB913-8A5A-42AE-B0D8-A1D428872103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "B6C443B8-2883-473A-B66F-C90F212E7AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "52D11C49-3F12-4569-951A-8FA151C79259",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf. fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist."
},
{
"lang": "es",
"value": "Laf es una plataforma de desarrollo en la nube. Antes de la versi\u00f3n 1.0.0-beta.13, el control del entorno de la aplicaci\u00f3n LAF no era lo suficientemente estricto y, en ciertos escenarios del entorno de privatizaci\u00f3n, puede provocar una filtraci\u00f3n de informaci\u00f3n confidencial en secreto y en el mapa de configuraci\u00f3n. En la sintaxis de ES6, si un objeto hace referencia directamente a otro objeto, el nombre del propio objeto se utilizar\u00e1 como clave y toda la estructura del objeto se integrar\u00e1 intacta. Al construir la instancia de implementaci\u00f3n de la aplicaci\u00f3n, se encontr\u00f3 env en la base de datos y se insert\u00f3 directamente en la plantilla, lo que result\u00f3 en controlabilidad aqu\u00ed. La informaci\u00f3n confidencial en el mapa secreto y de configuraci\u00f3n se puede leer a trav\u00e9s del campo envFrom de k8s. En un entorno de privatizaci\u00f3n, cuando `namespaceConf. fijo` est\u00e1 marcado, puede provocar la fuga de informaci\u00f3n confidencial en el sistema. Al momento de la publicaci\u00f3n, no est\u00e1 claro si existen parches o workarounds."
}
],
"id": "CVE-2023-48225",
"lastModified": "2024-11-21T08:31:14.840",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-12T21:15:08.237",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2023-50253 (GCVE-0-2023-50253)
Vulnerability from cvelistv5 – Published: 2024-01-03 16:45 – Updated: 2025-06-09 18:48
Title
laf logs leak
Summary
Laf is a cloud development platform. By design, Laf's log feature communicates with k8s to retrieve logs directly from the container, without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify that the requester has permission for the requested pod, which allows authenticated users to obtain the logs of any pod in the same namespace, and thereby any sensitive information printed in those logs. As of time of publication, no known patched versions exist.
Severity ?
9.7 (Critical)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
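| URL | Tags |
|---|---|
| https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f | x_refsource_CONFIRM |
| https://github.com/labring/laf/pull/1468 | x_refsource_MISC |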
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f"
},
{
"name": "https://github.com/labring/laf/pull/1468",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/labring/laf/pull/1468"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50253",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T18:47:07.940532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:48:18.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "laf",
"vendor": "labring",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.0.0-beta.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-03T16:45:11.778Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f"
},
{
"name": "https://github.com/labring/laf/pull/1468",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/laf/pull/1468"
}
],
"source": {
"advisory": "GHSA-g9c8-wh35-g75f",
"discovery": "UNKNOWN"
},
"title": "laf logs leak"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50253",
"datePublished": "2024-01-03T16:45:11.778Z",
"dateReserved": "2023-12-05T20:42:59.378Z",
"dateUpdated": "2025-06-09T18:48:18.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48225 (GCVE-0-2023-48225)
Vulnerability from cvelistv5 – Published: 2023-12-12 20:33 – Updated: 2024-08-02 21:23
Title
Laf env causes sensitive information disclosure
Summary
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, Laf does not control an app's env settings strictly enough, and in certain private-deployment (self-hosted) scenarios this may leak sensitive information held in secrets and configmaps. In ES6 syntax, if an object directly references another object, the name of the referenced object is used as the key and its entire structure is included intact. When the deployment instance of the app is constructed, env is read from the database and inserted directly into the template, so this part of the template is user-controllable. Sensitive information in secrets and configmaps can then be read through the k8s envFrom field. In a private-deployment environment, when `namespaceConf.fixed` is set, this may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist.
Severity ?
8.9 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
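| URL | Tags |
|---|---|
| https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp | x_refsource_CONFIRM |
| https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50 | x_refsource_MISC |
| https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306 | x_refsource_MISC |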
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp"
},
{
"name": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50"
},
{
"name": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "laf",
"vendor": "labring",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.0-beta13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf. fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T20:33:40.959Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp"
},
{
"name": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50"
},
{
"name": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306"
}
],
"source": {
"advisory": "GHSA-hv2g-gxx4-fwxp",
"discovery": "UNKNOWN"
},
"title": "Laf env causes sensitive information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48225",
"datePublished": "2023-12-12T20:33:40.959Z",
"dateReserved": "2023-11-13T13:25:18.480Z",
"dateUpdated": "2024-08-02T21:23:39.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50253 (GCVE-0-2023-50253)
Vulnerability from nvd – Published: 2024-01-03 16:45 – Updated: 2025-06-09 18:48
Title
laf logs leak
Summary
Laf is a cloud development platform. By design, Laf's log feature communicates with Kubernetes (k8s) to retrieve logs directly from the container, without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows an authenticated user to obtain the logs of any pod in the same namespace and, through them, any sensitive information printed in those logs. As of time of publication, no known patched versions exist.
Severity ?
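9.7 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (CNA-assigned). The vector sets PR:N and I:H/A:H, while the summary describes an authenticated user reading pod logs (CWE-200), so check the vector against your own deployment before using the score for prioritisation.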
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
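| URL | Tags |
|---|---|
| https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f | x_refsource_CONFIRM |
| https://github.com/labring/laf/pull/1468 | x_refsource_MISC |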
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f"
},
{
"name": "https://github.com/labring/laf/pull/1468",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/labring/laf/pull/1468"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50253",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T18:47:07.940532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:48:18.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "laf",
"vendor": "labring",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.0.0-beta.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-03T16:45:11.778Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f"
},
{
"name": "https://github.com/labring/laf/pull/1468",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/laf/pull/1468"
}
],
"source": {
"advisory": "GHSA-g9c8-wh35-g75f",
"discovery": "UNKNOWN"
},
"title": "laf logs leak"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50253",
"datePublished": "2024-01-03T16:45:11.778Z",
"dateReserved": "2023-12-05T20:42:59.378Z",
"dateUpdated": "2025-06-09T18:48:18.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48225 (GCVE-0-2023-48225)
Vulnerability from nvd – Published: 2023-12-12 20:33 – Updated: 2024-08-02 21:23
Title
Laf env causes sensitive information disclosure
Summary
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, control over the Laf app env is not strict enough, and in certain private-deployment scenarios this may lead to leakage of sensitive information held in secrets and configmaps. In ES6 syntax, if an object literal directly references another object, that object's name is used as the key and its entire structure is included intact. When the app's deployment instance is constructed, env is read from the database and inserted directly into the template, so its content is user-controllable at that point. Sensitive information in secrets and configmaps can then be read through the k8s envFrom field. In a private deployment, when `namespaceConf.fixed` is set, this may lead to leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist.
Severity ?
8.9 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
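| URL | Tags |
|---|---|
| https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp | x_refsource_CONFIRM |
| https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50 | x_refsource_MISC |
| https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306 | x_refsource_MISC |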
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp"
},
{
"name": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50"
},
{
"name": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "laf",
"vendor": "labring",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.0-beta13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf. fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T20:33:40.959Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp"
},
{
"name": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50"
},
{
"name": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306"
}
],
"source": {
"advisory": "GHSA-hv2g-gxx4-fwxp",
"discovery": "UNKNOWN"
},
"title": "Laf env causes sensitive information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48225",
"datePublished": "2023-12-12T20:33:40.959Z",
"dateReserved": "2023-11-13T13:25:18.480Z",
"dateUpdated": "2024-08-02T21:23:39.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}