GO-2023-2400
- Source
- https://pkg.go.dev/vuln/GO-2023-2400
- Import Source
- https://vuln.go.dev/ID/GO-2023-2400.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GO-2023-2400
- Aliases
- Published
- 2023-12-16T04:35:08Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Escalation of privileges in github.com/sap/cloud-security-client-go
- Details
-
An unauthenticated attacker can obtain arbitrary permissions within the application under certain conditions.
- Database specific
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2023-2400" }- References
-
- https://me.sap.com/notes/3411067
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
- https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
- https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
- https://github.com/SAP/cloud-security-client-go/commit/2e3bd63e152e09f267316a1071034eb5d4b7f498
Affected packages
Go / github.com/sap/cloud-security-client-go
Package
- Name
- github.com/sap/cloud-security-client-go
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/sap/cloud-security-client-go
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.17.0
Ecosystem specific
{
"imports": [
{
"path": "github.com/sap/cloud-security-client-go/auth",
"symbols": [
"Middleware.Authenticate",
"Middleware.AuthenticateWithProofOfPossession",
"matchesDomain"
]
},
{
"path": "github.com/sap/cloud-security-client-go/oidcclient",
"symbols": [
"NewOIDCTenant",
"OIDCTenant.GetJWKs",
"OIDCTenant.getJWKsFromServer",
"OIDCTenant.performDiscovery"
]
},
{
"path": "github.com/sap/cloud-security-client-go/tokenclient",
"symbols": [
"TokenFlows.ClientCredentials"
]
}
]
}