Home > Vulnerability Database > CVE-2023-50253

Mend.io Vulnerability Database

CVE-2023-50253

Date: January 3, 2024

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist.

Language: TYPE_SCRIPT

Severity Score

9.6

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-50253

Url: https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f

Url: https://github.com/labring/laf/pull/1468

Url: https://www.mend.io/vulnerability-database/CVE-2023-50253

Severity Score

9.6

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Insertion of Sensitive Information into Log File

CWE-532

CVSS v3.1

Base Score:	9.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-50253

Date: January 3, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?