Home > Vulnerability Database > CVE-2023-50253

Mend.io Vulnerability Database

CVE-2023-50253

Good to know:

Date: January 3, 2024

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist.

Language: TYPE_SCRIPT

Severity Score

6.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-50253

Url: https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f

Url: https://github.com/labring/laf/pull/1468

Url: https://www.mend.io/vulnerability-database/CVE-2023-50253

Severity Score

6.5

Weakness Type (CWE)

Information Exposure Through Log Files

CWE-532

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version v1.0.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-50253

Good to know:

Date: January 3, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?