Описание
Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. This can lead to data corruption or denial of service through unauthorized access to TRPC endpoints such as backgroundMigrations.all, backgroundMigrations.status, and backgroundMigrations.retry.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.1.0 (включая) до 3.109.0 (исключая)
cpe:2.3:a:langfuse:langfuse:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00131
Низкий
7.6 High
CVSS3
Дефекты
CWE-285
Связанные уязвимости
CVSS3: 7.6
github
5 месяцев назад
Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. This can lead to data corruption or denial of service through unauthorized access to TRPC endpoints such as backgroundMigrations.all, backgroundMigrations.status, and backgroundMigrations.retry.
EPSS
Процентиль: 33%
0.00131
Низкий
7.6 High
CVSS3
Дефекты
CWE-285