5 matches found
CVE-2023-50253
Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...
CVE-2023-50253 laf logs leak
Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...
CVE-2023-50253 laf logs leak
Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...
CVE-2023-48225 Laf env causes sensitive information disclosure
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...
CVE-2014-7878
The CVE-2014-7878 issue affects HP Helion Cloud Development Platform 1.0: the Application Lifecycle Service (ALS) Seed Node image contains identical security keys across different customer installations, enabling a remote attacker with a VM derived from the Seed Node image to connect to other VMs...