Authorization Bypass Through User-Controlled Key Affecting github.com/sap/cloud-security-client-go package, versions <0.17.0


Severity

Recommended
0.0
critical
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.14% (51st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-GOLANG-GITHUBCOMSAPCLOUDSECURITYCLIENTGO-6117636
  • published12 Dec 2023
  • disclosed12 Dec 2023
  • creditUnknown

Introduced: 12 Dec 2023

CVE-2023-50424  (opens in a new tab)
CWE-639  (opens in a new tab)

How to fix?

Upgrade github.com/sap/cloud-security-client-go to version 0.17.0 or higher.

Overview

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to improper handling of user-controlled keys. An attacker can obtain arbitrary permissions within the application by exploiting the vulnerability to bypass authorization checks.

References

CVSS Scores

version 3.1