laf logs leak
CVE-2023-50253

9.7CRITICAL

Key Information:

Vendor: Labring
Status: Laf
Vendor: CVE Published:; 3 January 2024

What is CVE-2023-50253?

The Laf cloud development platform has a vulnerability related to improper access control in its logging functionality. Specifically, in versions 1.0.0-beta.13 and earlier, the platform's method for retrieving logs from containers does not adequately verify the permissions of the pods. This oversight permits authenticated users to access logs from any pod within the same namespace. As a result, sensitive information reflected in the logs may be exposed. Currently, there are no patched versions available to address this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

laf <= 1.0.0-beta.13

References

https://github.com/labring/laf/security/advisories/GHSA-g...

x_refsource_CONFIRM

https://github.com/labring/laf/pull/1468

x_refsource_MISC

CVSS V3.1

Score:

9.7

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 3, 2024
Vulnerability Reserved
Dec 5, 2023

JSON

Labring

What is CVE-2023-50253?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.