GHSA-hxvr-gg2w-j48x

Published: 09 Jun 2025
Source: github
GitHub: Reviewed
CVSS3: 8

Description

BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.

NOTE: The maintainers of BackendAI do not consider this report to fit with their threat model and advise users to follow security advice from https://github.com/lablup/backend.ai/pull/7587 in their instances to protect themselves from the conditions that would lead to the situation described in the CVE record.

Packages

Name: backend.ai
Ecosystem: pip
Affected versions: <= 25.3.3
Fixed version: None

EPSS

Percentile: 14%
0.00045
Low

CVSS3: 8 High

Weaknesses

CWE-200

Related vulnerabilities

CVSS3: 8
nvd
8 months ago

Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.
