@Yaminyam

Updates

  • Affected products

Comments
This is also a false-positive report as access keys and emails are NOT user credentials.
Without proper combination with passwords (for emails) and secret keys (for access keys), they cannot successfully pass authentication nor forge a user's identity.

The historical intention to place emails and access keys there is to allow the user workloads to identify themselves. For example, user workloads may use them as a bookkeeper when mangling the storage paths, output filenames, etc.

Note: As described in the above CVE-2025-49651 response, the container applications including the web shell (ttyd) are NOT exposed to the public networks by default. Thus, all information inside the container, including environ.txt, is private to individual users.

The report did not include them, but we have more similar stuff. I'm describing them for future reference.

/home/work/id_container: This SSH private key is randomly generated for each container to allow accessing the user's own containers via the "backend.ai ssh" or "backend.ai scp" CLI commands, which automatically download and put this key as a temporary SSH client identity. Those download and application access operations are done via authenticated API requests, going through Backend.AI Manager and App Proxy.

/home/work/id_cluster: It is another randomly generated SSH key for each cluster session. It allows containers to access other containers' shell in cluster sessions, in which multiple containers are spawned and bundled as a single compute session (job) across multiple nodes.

Copilot AI review requested due to automatic review settings January 19, 2026 09:19
@github-actions github-actions bot changed the base branch from main to Yaminyam/advisory-improvement-6671 January 19, 2026 09:20

Copilot AI left a comment

Pull request overview

This PR updates the security advisory metadata for BackendAI vulnerability GHSA-hxvr-gg2w-j48x (CVE-2025-49653), which the maintainers have clarified is a false-positive report regarding sensitive information exposure. The change updates the advisory's modification timestamp.

Changes:

  • Updated the "modified" timestamp to reflect the latest modification time
