CVE-2023-50253

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-50253

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50253.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-50253

Aliases

GHSA-g9c8-wh35-g75f

Published

2024-01-03T16:45:11.778Z

Modified

2026-04-10T05:06:22.131939Z

Severity

9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

laf logs leak

Details

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50253.json",
    "cwe_ids": [
        "CWE-200"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/labring/laf

Affected ranges

Type

GIT

Repo

https://github.com/labring/laf

Events

Introduced

Last affected

5844873a6a90602d39c889acd23b1fa4ab51cc1d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-beta.13"
        }
    ]
}

Affected versions

cloud-function-engine@0.*

cloud-function-engine@0.0.3

cloud-function-engine@0.0.4

cloud-function-engine@0.0.5

cloud-function-engine@0.0.6

cloud-function@0.*

cloud-function@0.0.2

laf-app-server@0.*

laf-app-server@0.2.5

laf-app-server@0.2.6

laf-app-server@0.2.7

laf-devops-admin@0.*

laf-devops-admin@0.0.2

laf-devops-server@0.*

laf-devops-server@0.0.2

laf-devops-server@0.0.3

laf-devops-server@0.0.4

less-api-framework@0.*

less-api-framework@0.2.1

less-api-framework@0.2.2

less-api-framework@0.2.3

less-api-framework@0.2.4

node-modules-utils@0.*

node-modules-utils@0.0.2

node-modules-utils@0.0.3

node-modules-utils@0.0.4

node-modules-utils@0.0.5

v0.*

v0.1.5

v0.4.0

v0.4.1

v0.4.10

v0.4.11

v0.4.12

v0.4.13

v0.4.14

v0.4.15

v0.4.16

v0.4.17

v0.4.18

v0.4.19

v0.4.2

v0.4.20

v0.4.21-alpha.0

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.4.9

v0.5.0

v0.5.0-alpha.1

v0.5.0-alpha.2

v0.5.0-alpha.3

v0.5.1

v0.5.1-alpha.0

v0.5.2

v0.5.2-alpha.0

v0.5.3

v0.5.4

v0.5.4-alpha.0

v0.5.5

v0.5.5-alpha.0

v0.5.6

v0.5.7

v0.5.7-alpha.0

v0.5.8-alpha.0

v0.6.0

v0.6.0-alpha.0

v0.6.0-alpha.1

v0.6.0-alpha.10

v0.6.0-alpha.2

v0.6.0-alpha.3

v0.6.0-alpha.4

v0.6.0-alpha.5

v0.6.0-alpha.6

v0.6.0-alpha.7

v0.6.0-alpha.8

v0.6.0-alpha.9

v0.6.1

v0.6.10

v0.6.11

v0.6.12

v0.6.13

v0.6.14

v0.6.15

v0.6.16

v0.6.17

v0.6.18

v0.6.19

v0.6.2

v0.6.20

v0.6.21

v0.6.22

v0.6.23

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.6.7

v0.6.8

v0.6.9

v0.7.0

v0.7.1

v0.7.10

v0.7.11

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.7.8

v0.7.9

v0.8.0

v0.8.0-alpha.0

v0.8.0-alpha.1

v0.8.0-alpha.10

v0.8.0-alpha.11

v0.8.0-alpha.2

v0.8.0-alpha.3

v0.8.0-alpha.4

v0.8.0-alpha.5

v0.8.0-alpha.6

v0.8.0-alpha.7

v0.8.0-alpha.8

v0.8.0-alpha.9

v0.8.1

v0.8.10

v0.8.11

v0.8.12

v0.8.13

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.5-alpha.0

v0.8.6

v0.8.7

v0.8.7-alpha.0

v0.8.7-alpha.1

v0.8.7-alpha.2

v0.8.7-alpha.3

v0.8.8

v0.8.9

v1.*

v1.0.0-alpha.0

v1.0.0-alpha.1

v1.0.0-alpha.2

v1.0.0-alpha.3

v1.0.0-alpha.4

v1.0.0-alpha.5

v1.0.0-beta.0

v1.0.0-beta.1

v1.0.0-beta.10

v1.0.0-beta.11

v1.0.0-beta.12

v1.0.0-beta.13

v1.0.0-beta.2

v1.0.0-beta.3

v1.0.0-beta.4

v1.0.0-beta.5

v1.0.0-beta.6

v1.0.0-beta.7

v1.0.0-beta.8

v1.0.0-beta.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50253.json"