GSD-2023-50253
Vulnerability from gsd - Updated: 2023-12-13 01:20
Details
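Laf is a cloud development platform. By design, Laf's log feature communicates with Kubernetes (k8s) directly to retrieve logs from the container, so no additional log storage is needed. However, in version 1.0.0-beta.13 and prior, this interface does not check permissions for the requested pod, which allows authenticated users to obtain the logs of any pod in the same namespace and thereby read sensitive information printed in those logs. As of time of publication, no known patched versions exist. Note that the record below carries two differing assessments. The NVD primary entry rates the issue CVSS 3.1 6.5 (PR:L/UI:N/S:U/C:H/I:N/A:N) with CWE-532, which is consistent with the authenticated, read-only disclosure described here. The GitHub CNA entry uses PR:N/UI:R/S:C/C:H/I:H/A:H (listed as 9.7 in the cve.org block and 9.6 in the NVD block) with CWE-200. The record also references pull request 1468, so check upstream for a fixed release before relying on the "no known patched versions" statement.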
Aliases
{
"GSD": {
"alias": "CVE-2023-50253",
"id": "GSD-2023-50253"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-50253"
],
"details": "Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist.",
"id": "GSD-2023-50253",
"modified": "2023-12-13T01:20:31.457747Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-50253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "laf",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c= 1.0.0-beta.13"
}
]
}
}
]
},
"vendor_name": "labring"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-200",
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f",
"refsource": "MISC",
"url": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f"
},
{
"name": "https://github.com/labring/laf/pull/1468",
"refsource": "MISC",
"url": "https://github.com/labring/laf/pull/1468"
}
]
},
"source": {
"advisory": "GHSA-g9c8-wh35-g75f",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laf:laf:0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC5D2AE-45C3-4A97-AB5C-79430E245993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "383C7C56-2620-432F-BC6B-5770A16C0DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6890672-2C19-4FFD-A4E5-91A9D2F5EBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86D1F7BF-ACE2-4454-B205-A72F9F499865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2542658-E744-4583-BEBF-B68389889EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77888A79-314C-4D77-AA0A-E48C28CD21F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "086FBA72-49FB-4B42-907A-72C0A11FFAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2DAD050A-570B-4B4F-99F1-CF6C60CF3DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D97FBB36-7233-491D-936B-CCA87223B11F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4C95FE9A-AC1C-4F8C-85D6-4260B36ED91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF185E0-FC92-46CA-BDE7-1A1D5D68FE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "30434067-B21E-42C9-8BAD-0D0E32113C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3D5C67-9E5C-443F-8A5D-7B8967000425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A78310C1-FDEA-487D-82EA-5A8976E68320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD29745-0EAF-4B8F-86B2-1F5972452770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4450518B-FF3E-4DD4-9143-14D1658BC165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0051E3-8376-4751-B168-573A52FCE3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A75E1B-2E71-4326-92B6-EE62819B38A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "85A1BD03-3350-44BB-BCD4-64385F16FE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "AF13954A-D95E-41D5-919E-EFDF88C0F4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "52410271-BCAF-4D7E-8440-058489A1E09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "79D196DC-3EE9-4D83-AAFC-753985C61930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.4.21:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "5A33F89F-0B9C-421D-BBD1-A1CD4F50B745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "8FDC6F83-024F-4C40-83E0-D8AFB3FE4ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "AC4F2C4E-0E2E-4304-93E8-5CC21BC48404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "D1EB8667-8C0F-4B89-AAB8-AFC4E11BFF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "30A2F027-A4DB-40FE-95D4-B0D25F192492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "D48E2B3F-BB57-4FFD-89E9-3EB9677B6C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5C82022C-C019-4F89-8969-C2A593F54BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.1:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "8EA45AE9-5C0E-4FC8-BEB2-17A0DC934BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A9A51882-1741-408B-BD11-6E6B573F9F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.2:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "B937B516-7D9D-4732-9FD1-2FAA68D52740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C922573F-BA99-4356-A7A9-F3891E7A0A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.4:-:*:*:*:*:*:*",
"matchCriteriaId": "9F93AD7E-4AF3-4A87-A907-E23ABEEF162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.4:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "D289795B-548C-47A1-AC1B-1E1CA2E42A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "D86C813A-F2E7-497D-9A40-00E7011E5CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.5:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "C60431E8-D778-4AEA-9B12-0F3E39054D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1732C7-5668-49F7-A7E6-C480FEAED816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.7:-:*:*:*:*:*:*",
"matchCriteriaId": "5478B773-5286-4275-B75F-29FC6686402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.7:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "5E044B08-C93D-41E3-AFE4-9BD402A49460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.5.8:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "E05E2E80-3D2C-4BE6-A386-AAFCCBD29A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "75F09F04-C6B9-4813-8F60-5F05B281EDEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "7A633309-101F-4258-BE95-A2574EDDEFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "9B1241A2-80E5-44EE-A3ED-C02122242C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha10:*:*:*:*:*:*",
"matchCriteriaId": "95F069C8-0C80-4235-AEEF-960E3330EB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "52FEE0DA-92F1-4606-A58D-BED0D36B8AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "BB41F9FC-F8D8-4638-BE14-EEC43F41A1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "935AAAC9-A40C-4243-8F9E-7AF56CB6F2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "B836FBB8-75FC-4316-90DD-68A7A408EEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "4F11CE31-7424-4D77-AFC4-1DA391F5C0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "FE3789CC-41B0-4D83-9803-0F5705160673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "F3E72000-0739-4014-8641-22CEF982E4CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "5C9B50C2-BAC7-462E-8EA9-913CF8A5F430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E676779-C2BE-44D0-8D06-0CEDAA99A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6197A337-D1E9-4838-97ED-C9ADBA8A12F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1FCB88-335F-472F-8BA0-C8F55F7F70C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66F1F1A6-AF57-424C-B976-8A0D5A487568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E85F11-49B5-495D-BF0E-F7E4546A98BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA83054-2A3C-4E6F-8A04-78E49F45CDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "973DC598-5F25-42B8-83A5-C67287F87A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EBF4FD-A026-4EDF-A561-262F1FF861AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "423247D0-A799-4556-99AC-2227EB9C826F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CF41DCC0-3031-45D5-A38D-D3C1327BA52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "90D5B30F-3F4A-4636-8A36-8026137A46B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1D689BE6-579A-44F5-B956-890E7BAD70DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "73A02E2F-059C-4E8E-99B1-F76676186D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "29E15048-627D-4CF5-91FB-64FA5036BA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "CB936119-382C-4358-A682-AB75A34C2DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD04A17-0762-4B90-9B39-DAFE847D0A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E60DB9B7-AEB4-4FB0-921B-AF9B9260BD8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5E74F2BB-CFE2-4BE6-9E53-621A8D3BA78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0C16B372-BA60-4F4D-9B2A-17D96DCCE2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8257EAB6-C10C-4C27-868B-4B7DE5B80734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2438AD-AB62-45F6-8D6F-DBBA6A64FA86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C54FCE8A-86DE-4770-AA06-4E27DBAD84F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "2C8664FA-15B2-4516-A4A0-2F922F961815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9880FDA7-F0EE-4947-BD2A-17DE0A250BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B19DEF92-5910-4942-8D35-B87D35163A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E309DC-DDFB-4349-9F83-684302A79E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78624851-5C61-4EE4-B401-46EF49369BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF79CEC-D34A-4BD5-BEA3-32674A4BC0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAADB98-9EDF-40E1-BF6E-15BE5236C1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1ADB832-1E9F-4B48-AAFA-CBE5CAA3C46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEBCBDC-D9CD-4147-9716-B744339BD1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A694A3E7-4AE0-468F-9B20-D8595123191D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4C49567C-907D-48DD-8290-3CC928401AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FB74C264-BD90-4B51-BB9E-7C5BBADEEBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FEBECAD0-C9EC-4DE5-927C-A0DB702F2FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E2CFA164-92C3-482E-94D2-051789C174CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "08DFED82-998B-4946-94FD-9616FC185B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "151CAEAB-6D0C-452D-858A-7092AE8EDA39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha10:*:*:*:*:*:*",
"matchCriteriaId": "EB93BC7C-1DC4-4B18-AE91-498DF34C26E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha11:*:*:*:*:*:*",
"matchCriteriaId": "B9F0CB28-B01B-4951-81F4-7D0431090AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "8614B3F7-460E-46BC-AFB6-6FE0EF511A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "701BAF33-1FD2-4185-9676-D6C1D96AB83A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "E5A25B77-A0B5-4547-B07F-F30F980B5E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "22DD423C-73C8-42EC-9737-6513BA28C4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "70012861-A1E1-4F88-B299-B7C023768BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "8BB0537B-A5C5-4EDB-B3E6-D354D1A05904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "BC4EEEA5-81B0-4F95-B423-91A6BA5A5337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "8682C08D-D63F-4061-BFB4-5CE2A4C3D7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B662C74-56F3-4A07-9FEF-C0AA7343FDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D38DC671-5460-4B83-8827-2B34527D13E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC147EDB-59DB-4350-850E-B7E9ABF28E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23B3B7E4-1B2D-4592-9F88-D2A8FC725051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.5:-:*:*:*:*:*:*",
"matchCriteriaId": "25AF57B0-7EAC-4D84-BE8B-C6208D7B3D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.5:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "F12AFDE1-CCFD-49D6-A821-8053F79BCD7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D57ACD-51E3-4140-8C1A-C183CB8DB5EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6CD79762-5AB9-436F-A14C-936C224C08C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "75A482E7-2512-4844-8C7C-5696DDD65720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "9ED8003F-B0DD-43C1-B0D2-63CD1A43EC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "9208895A-0F02-49E4-8B01-D0962D285DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "8BA93B6B-4E7F-4B44-B78C-DC35573377E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D21EF321-5D3C-4143-ACAA-A8C334F30430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "82EF5E61-99AC-4274-B5B7-77F9A349B79F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1490C4A2-E9EB-45AB-9838-3188BD643458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F60862FB-0D1A-4924-AE87-23CCBC8F5859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "27444410-B533-446C-8CF8-E3CABE154BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:0.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3519A657-2DEB-41BE-9643-D69242509C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "B1764706-9BB1-4D71-B30B-FAE1D316EDA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "9634E59F-6E59-4E40-8D15-C07E266D10AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "D8C6EE4C-C95B-4F31-AC7D-1C4D01CBA05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "2B7D144B-6E01-45DC-A56E-D764E7ECC42E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "078745FE-C0D3-493C-8A86-2CA0858E0725",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "0A811BDA-BBF6-4AF0-9CEE-DAD5A82DB037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "00EB0B8E-3C5B-48EE-A2F9-4955BCD26E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "1AAFA313-8207-4B25-AEC9-1248047F0E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "2332C03F-DDA8-4BB1-BAF2-9EF4BDBFAD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "1493BEDA-DEE8-43DB-A158-1CBBDC6A22BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "63DFCB3B-210D-4D79-A3CD-651864203AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "017F976F-48D2-4CBB-BDEB-9C2C4855D0E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F6804F77-96BB-4A9F-AEED-F7FCFA4E9CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "514EEA63-19EF-4B30-8CC9-EBB9C6D6A9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "06B75B74-DE29-4BC1-B306-D249B9777997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "AF190F7D-606D-4514-A97E-3959C426D96D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "261D68C2-2D75-42EB-BD53-794C86494AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "1A1CB913-8A5A-42AE-B0D8-A1D428872103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "B6C443B8-2883-473A-B66F-C90F212E7AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "52D11C49-3F12-4569-951A-8FA151C79259",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist."
},
{
"lang": "es",
"value": "Laf es una plataforma de desarrollo en la nube. En el dise\u00f1o de la versi\u00f3n Laf, el registro utiliza la comunicaci\u00f3n con k8s para recuperar r\u00e1pidamente los registros del contenedor sin necesidad de almacenamiento adicional. Sin embargo, en la versi\u00f3n 1.0.0-beta.13 y anteriores, esta interfaz no verifica los permisos del pod, lo que permite a los usuarios autenticados obtener cualquier registro del pod bajo el mismo espacio de nombres a trav\u00e9s de este m\u00e9todo, obteniendo as\u00ed informaci\u00f3n confidencial impresa en los registros. Al momento de la publicaci\u00f3n, no existen versiones parcheadas conocidas."
}
],
"id": "CVE-2023-50253",
"lastModified": "2024-01-11T19:21:43.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-01-03T17:15:11.387",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/labring/laf/pull/1468"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.