github · advisory-database · Jan 21, 2026 · Jan 19, 2026 · Copilot · Jan 19, 2026
diff --git a/advisories/github-reviewed/2025/06/GHSA-h889-475r-wfmm/GHSA-h889-475r-wfmm.json b/advisories/github-reviewed/2025/06/GHSA-h889-475r-wfmm/GHSA-h889-475r-wfmm.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h889-475r-wfmm",
-  "modified": "2025-06-11T16:51:42Z",
+  "modified": "2025-06-11T16:51:45Z",
   "published": "2025-06-09T18:32:17Z",
   "aliases": [
     "CVE-2025-49651"
   ],
   "summary": "Backend.AI Missing Authorization vulnerability",
-  "details": "Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.",
+  "details": "Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deplyoment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
-  "details": "Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deplyoment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
+  "details": "Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deployment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
-  "details": "Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deplyoment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
+  "details": "Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L32 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deplyoment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
-  "details": "Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deplyoment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
+  "details": "Missing Authorization in Lablup's Backend.AI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of Backend.AI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deplyoment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
-  "details": "Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deplyoment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
+  "details": "Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deployment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
-  "details": "Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deplyoment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
+  "details": "Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L32 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deplyoment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
-  "details": "Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deplyoment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
+  "details": "Missing Authorization in Lablup's Backend.AI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of Backend.AI.\n\nThis is a false-positive report because our Backend.AI platform is never intended to expose the worker node's container ports directly to the \"outside\" of the cluster.\n \nOn the report, the test was conducted using a local all-in-one setup and \"0.0.0.0\" address to directly access the container's public ports via the port number 30729.\nThere are two problems here:\n0.0.0.0 is routed to the loopback address (127.0.0.1) in most operating systems.\n30729 is within the range of container ports controlled by Backend.AI Agent, which are not intended to be exposed outside the cluster.\nThe default configuration for such single-node all-in-one (for development) setups uses 127.0.0.1 as the binding address of the container's public ports, so if you access the container port from other nodes (not from the local browser), it is not accessible.\nThe location of default dev-setup configurations for reference:\ncontainer port range: \nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (30000 to 31000)\ncontainer port binding address:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/agent/halfstack.toml#L31 (127.0.0.1)\nThe default port range for container applications exposed to outside by Backend.AI App Proxy is 10205 to 10300, providing proper user authentication:\napp proxy worker port range:\nhttps://github.com/lablup/backend.ai/blob/9bc6db46a7cd2850a1f229ebf1bcdfeeb2a3abb1/configs/app-proxy-worker/halfstack.toml#L22 (10205 to 10300)\nWe clarified this fact and cautions to users in our new upcoming release (v25.19) as follows:\nhttps://github.com/lablup/backend.ai/pull/7587\n \nAgain, Backend.AI requires any production deplyoment to have separate networks for cluster's internal communication and public/external access, and all user traffic goes through the App Proxy component which implements the authentication based on web sessions when accessing the container applications.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -28,11 +28,14 @@
               "introduced": "0"
             },
             {
-              "last_affected": "25.3.3"
+              "fixed": "25.19.0"
             }
           ]
         }
-      ]
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 25.3.3"
+      }
     }
   ],
   "references": [