{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-48225", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-13T13:25:18.480Z", "datePublished": "2023-12-12T20:33:40.959Z", "dateUpdated": "2024-08-02T21:23:39.023Z"}, "containers": {"cna": {"title": "Laf env causes sensitive information disclosure", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp"}, {"name": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50", "tags": ["x_refsource_MISC"], "url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50"}, {"name": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306", "tags": ["x_refsource_MISC"], "url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306"}], "affected": [{"vendor": "labring", "product": "laf", "versions": [{"version": "< 1.0.0-beta13", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-12T20:33:40.959Z"}, "descriptions": [{"lang": "en", "value": "Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf. fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist."}], "source": {"advisory": "GHSA-hv2g-gxx4-fwxp", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:23:39.023Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp"}, {"name": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50"}, {"name": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:laf:laf:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9AC5D2AE-45C3-4A97-AB5C-79430E245993", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "383C7C56-2620-432F-BC6B-5770A16C0DBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6890672-2C19-4FFD-A4E5-91A9D2F5EBFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "86D1F7BF-ACE2-4454-B205-A72F9F499865", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2542658-E744-4583-BEBF-B68389889EF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "77888A79-314C-4D77-AA0A-E48C28CD21F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "086FBA72-49FB-4B42-907A-72C0A11FFAFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "2DAD050A-570B-4B4F-99F1-CF6C60CF3DD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "D97FBB36-7233-491D-936B-CCA87223B11F", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4C95FE9A-AC1C-4F8C-85D6-4260B36ED91C", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "EFF185E0-FC92-46CA-BDE7-1A1D5D68FE3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "30434067-B21E-42C9-8BAD-0D0E32113C63", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "7E3D5C67-9E5C-443F-8A5D-7B8967000425", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "A78310C1-FDEA-487D-82EA-5A8976E68320", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "ADD29745-0EAF-4B8F-86B2-1F5972452770", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "4450518B-FF3E-4DD4-9143-14D1658BC165", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0E0051E3-8376-4751-B168-573A52FCE3AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B3A75E1B-2E71-4326-92B6-EE62819B38A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "85A1BD03-3350-44BB-BCD4-64385F16FE21", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "AF13954A-D95E-41D5-919E-EFDF88C0F4C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "52410271-BCAF-4D7E-8440-058489A1E09D", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "79D196DC-3EE9-4D83-AAFC-753985C61930", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.4.21:alpha0:*:*:*:*:*:*", "matchCriteriaId": "5A33F89F-0B9C-421D-BBD1-A1CD4F50B745", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B12D130-69C1-4133-9379-715F0AFD56DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha0:*:*:*:*:*:*", "matchCriteriaId": "AC4F2C4E-0E2E-4304-93E8-5CC21BC48404", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "D1EB8667-8C0F-4B89-AAB8-AFC4E11BFF5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "30A2F027-A4DB-40FE-95D4-B0D25F192492", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "D48E2B3F-BB57-4FFD-89E9-3EB9677B6C50", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1C9B5CB3-37B8-4F29-8159-103811F61ED8", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.1:alpha0:*:*:*:*:*:*", "matchCriteriaId": "8EA45AE9-5C0E-4FC8-BEB2-17A0DC934BB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6ACC132E-79A3-441E-8A46-B2022329A6F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.2:alpha0:*:*:*:*:*:*", "matchCriteriaId": "B937B516-7D9D-4732-9FD1-2FAA68D52740", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C922573F-BA99-4356-A7A9-F3891E7A0A57", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1D94853-0FBE-4CE5-9F44-A647724F6CA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.4:alpha0:*:*:*:*:*:*", "matchCriteriaId": "D289795B-548C-47A1-AC1B-1E1CA2E42A22", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "C6CCF2B5-972A-43A5-9707-50D7E328516D", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.5:alpha0:*:*:*:*:*:*", "matchCriteriaId": "C60431E8-D778-4AEA-9B12-0F3E39054D4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E1732C7-5668-49F7-A7E6-C480FEAED816", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A2E23AF7-DB5E-4A7C-9CA5-EEBA2CEAD6EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.7:alpha0:*:*:*:*:*:*", "matchCriteriaId": "5E044B08-C93D-41E3-AFE4-9BD402A49460", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.5.8:alpha0:*:*:*:*:*:*", "matchCriteriaId": "E05E2E80-3D2C-4BE6-A386-AAFCCBD29A9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEBD9D88-2E0B-47FF-9A66-8C72C96D016C", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha0:*:*:*:*:*:*", "matchCriteriaId": "7A633309-101F-4258-BE95-A2574EDDEFBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "9B1241A2-80E5-44EE-A3ED-C02122242C6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha10:*:*:*:*:*:*", "matchCriteriaId": "95F069C8-0C80-4235-AEEF-960E3330EB07", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "52FEE0DA-92F1-4606-A58D-BED0D36B8AA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "BB41F9FC-F8D8-4638-BE14-EEC43F41A1ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "935AAAC9-A40C-4243-8F9E-7AF56CB6F2BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "B836FBB8-75FC-4316-90DD-68A7A408EEE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "4F11CE31-7424-4D77-AFC4-1DA391F5C0C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "FE3789CC-41B0-4D83-9803-0F5705160673", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha8:*:*:*:*:*:*", "matchCriteriaId": "F3E72000-0739-4014-8641-22CEF982E4CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha9:*:*:*:*:*:*", "matchCriteriaId": "5C9B50C2-BAC7-462E-8EA9-913CF8A5F430", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "0E676779-C2BE-44D0-8D06-0CEDAA99A9DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6197A337-D1E9-4838-97ED-C9ADBA8A12F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "FF1FCB88-335F-472F-8BA0-C8F55F7F70C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "66F1F1A6-AF57-424C-B976-8A0D5A487568", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F7E85F11-49B5-495D-BF0E-F7E4546A98BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "5EA83054-2A3C-4E6F-8A04-78E49F45CDF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "973DC598-5F25-42B8-83A5-C67287F87A9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "A3EBF4FD-A026-4EDF-A561-262F1FF861AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "423247D0-A799-4556-99AC-2227EB9C826F", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "CF41DCC0-3031-45D5-A38D-D3C1327BA52B", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "90D5B30F-3F4A-4636-8A36-8026137A46B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "1D689BE6-579A-44F5-B956-890E7BAD70DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "73A02E2F-059C-4E8E-99B1-F76676186D9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "29E15048-627D-4CF5-91FB-64FA5036BA25", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "CB936119-382C-4358-A682-AB75A34C2DF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "6CD04A17-0762-4B90-9B39-DAFE847D0A92", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "E60DB9B7-AEB4-4FB0-921B-AF9B9260BD8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "5E74F2BB-CFE2-4BE6-9E53-621A8D3BA78F", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.19:*:*:*:*:*:*:*", "matchCriteriaId": "0C16B372-BA60-4F4D-9B2A-17D96DCCE2F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "8257EAB6-C10C-4C27-868B-4B7DE5B80734", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.21:*:*:*:*:*:*:*", "matchCriteriaId": "2B2438AD-AB62-45F6-8D6F-DBBA6A64FA86", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "C54FCE8A-86DE-4770-AA06-4E27DBAD84F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.6.23:*:*:*:*:*:*:*", "matchCriteriaId": "2C8664FA-15B2-4516-A4A0-2F922F961815", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9880FDA7-F0EE-4947-BD2A-17DE0A250BF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "B19DEF92-5910-4942-8D35-B87D35163A67", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3E309DC-DDFB-4349-9F83-684302A79E72", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "78624851-5C61-4EE4-B401-46EF49369BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9BF79CEC-D34A-4BD5-BEA3-32674A4BC0B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "8EAADB98-9EDF-40E1-BF6E-15BE5236C1EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B1ADB832-1E9F-4B48-AAFA-CBE5CAA3C46B", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "EDEBCBDC-D9CD-4147-9716-B744339BD1BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "A694A3E7-4AE0-468F-9B20-D8595123191D", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "4C49567C-907D-48DD-8290-3CC928401AEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "FB74C264-BD90-4B51-BB9E-7C5BBADEEBD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "FEBECAD0-C9EC-4DE5-927C-A0DB702F2FBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "71CB965C-2F16-4298-8E07-2DE2D1D3528F", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha0:*:*:*:*:*:*", "matchCriteriaId": "08DFED82-998B-4946-94FD-9616FC185B9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "151CAEAB-6D0C-452D-858A-7092AE8EDA39", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha10:*:*:*:*:*:*", "matchCriteriaId": "EB93BC7C-1DC4-4B18-AE91-498DF34C26E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha11:*:*:*:*:*:*", "matchCriteriaId": "B9F0CB28-B01B-4951-81F4-7D0431090AEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "8614B3F7-460E-46BC-AFB6-6FE0EF511A80", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "701BAF33-1FD2-4185-9676-D6C1D96AB83A", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "E5A25B77-A0B5-4547-B07F-F30F980B5E0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "22DD423C-73C8-42EC-9737-6513BA28C4D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "70012861-A1E1-4F88-B299-B7C023768BE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "8BB0537B-A5C5-4EDB-B3E6-D354D1A05904", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha8:*:*:*:*:*:*", "matchCriteriaId": "BC4EEEA5-81B0-4F95-B423-91A6BA5A5337", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha9:*:*:*:*:*:*", "matchCriteriaId": "8682C08D-D63F-4061-BFB4-5CE2A4C3D7C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B662C74-56F3-4A07-9FEF-C0AA7343FDB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D38DC671-5460-4B83-8827-2B34527D13E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "BC147EDB-59DB-4350-850E-B7E9ABF28E69", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "23B3B7E4-1B2D-4592-9F88-D2A8FC725051", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "DCCF699B-2394-4ECE-9BBF-A740FF942976", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.5:alpha0:*:*:*:*:*:*", "matchCriteriaId": "F12AFDE1-CCFD-49D6-A821-8053F79BCD7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "A3D57ACD-51E3-4140-8C1A-C183CB8DB5EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "C8BFA988-05C2-4A3D-B507-648739A27A3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha0:*:*:*:*:*:*", "matchCriteriaId": "75A482E7-2512-4844-8C7C-5696DDD65720", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha1:*:*:*:*:*:*", "matchCriteriaId": "9ED8003F-B0DD-43C1-B0D2-63CD1A43EC0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha2:*:*:*:*:*:*", "matchCriteriaId": "9208895A-0F02-49E4-8B01-D0962D285DAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha3:*:*:*:*:*:*", "matchCriteriaId": "8BA93B6B-4E7F-4B44-B78C-DC35573377E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D21EF321-5D3C-4143-ACAA-A8C334F30430", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "82EF5E61-99AC-4274-B5B7-77F9A349B79F", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "1490C4A2-E9EB-45AB-9838-3188BD643458", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "F60862FB-0D1A-4924-AE87-23CCBC8F5859", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "27444410-B533-446C-8CF8-E3CABE154BA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:0.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "3519A657-2DEB-41BE-9643-D69242509C0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha0:*:*:*:*:*:*", "matchCriteriaId": "B1764706-9BB1-4D71-B30B-FAE1D316EDA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "9634E59F-6E59-4E40-8D15-C07E266D10AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "D8C6EE4C-C95B-4F31-AC7D-1C4D01CBA05C", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "2B7D144B-6E01-45DC-A56E-D764E7ECC42E", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "078745FE-C0D3-493C-8A86-2CA0858E0725", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "0A811BDA-BBF6-4AF0-9CEE-DAD5A82DB037", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "00EB0B8E-3C5B-48EE-A2F9-4955BCD26E82", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta0:*:*:*:*:*:*", "matchCriteriaId": "1AAFA313-8207-4B25-AEC9-1248047F0E92", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "2332C03F-DDA8-4BB1-BAF2-9EF4BDBFAD2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "1493BEDA-DEE8-43DB-A158-1CBBDC6A22BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "63DFCB3B-210D-4D79-A3CD-651864203AF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "017F976F-48D2-4CBB-BDEB-9C2C4855D0E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "A529B7EA-CF43-4D68-9415-F1A6C5E0B485", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "F6804F77-96BB-4A9F-AEED-F7FCFA4E9CF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "514EEA63-19EF-4B30-8CC9-EBB9C6D6A9CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "06B75B74-DE29-4BC1-B306-D249B9777997", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "AF190F7D-606D-4514-A97E-3959C426D96D", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "261D68C2-2D75-42EB-BD53-794C86494AC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "1A1CB913-8A5A-42AE-B0D8-A1D428872103", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B6C443B8-2883-473A-B66F-C90F212E7AE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "52D11C49-3F12-4569-951A-8FA151C79259", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf. fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist."}, {"lang": "es", "value": "Laf es una plataforma de desarrollo en la nube. Antes de la versi\u00f3n 1.0.0-beta.13, el control del entorno de la aplicaci\u00f3n LAF no era lo suficientemente estricto y, en ciertos escenarios del entorno de privatizaci\u00f3n, puede provocar una filtraci\u00f3n de informaci\u00f3n confidencial en secreto y en el mapa de configuraci\u00f3n. En la sintaxis de ES6, si un objeto hace referencia directamente a otro objeto, el nombre del propio objeto se utilizar\u00e1 como clave y toda la estructura del objeto se integrar\u00e1 intacta. Al construir la instancia de implementaci\u00f3n de la aplicaci\u00f3n, se encontr\u00f3 env en la base de datos y se insert\u00f3 directamente en la plantilla, lo que result\u00f3 en controlabilidad aqu\u00ed. La informaci\u00f3n confidencial en el mapa secreto y de configuraci\u00f3n se puede leer a trav\u00e9s del campo envFrom de k8s. En un entorno de privatizaci\u00f3n, cuando `namespaceConf. fijo` est\u00e1 marcado, puede provocar la fuga de informaci\u00f3n confidencial en el sistema. Al momento de la publicaci\u00f3n, no est\u00e1 claro si existen parches o workarounds."}], "id": "CVE-2023-48225", "lastModified": "2024-11-21T08:31:14.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-12T21:15:08.237", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}