PT-2024-13887 · Laf · Laf

Dvkunion · Published 2024-01-03 · Updated 2024-01-11

CVE-2023-50253

CVSS v3.1: 9.6 Critical
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Laf versions 1.0.0-beta.13 and prior

Description: Laf is a cloud development platform. It retrieves container logs by querying Kubernetes (k8s) directly, so no additional log storage is needed. However, the log retrieval interface does not verify that the requesting user is authorized for the requested pod, so any authenticated user can obtain the logs of any pod in the same namespace and thereby read sensitive information printed in those logs.

Recommendations: For versions 1.0.0-beta.13 and prior, as a temporary workaround, restrict access to the log retrieval interface to minimize the risk of exploitation. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.
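As an added example (not code from Laf or from this advisory), the missing check described above is shown in TypeScript as a log handler that only scopes by namespace beside one that first resolves the pod to an application and verifies the caller owns it; the `Pod`/`App`/`User` shapes, the `appid` label, the helper names and the in-memory sample data are all assumptions.

```typescript
// Added example, not Laf's code. The types, the `appid` label and the
// sample state below are assumptions standing in for k8s and the app database.
interface Pod { name: string; namespace: string; labels: Record<string, string>; }
interface App { appid: string; ownerUid: string; }
interface User { uid: string; }

// Constructed sample state: two apps with different owners in one namespace.
const PODS: Pod[] = [
  { name: "app-a-7d9f", namespace: "team-ns", labels: { appid: "app-a" } },
  { name: "app-b-c4e1", namespace: "team-ns", labels: { appid: "app-b" } },
];
const APPS: App[] = [
  { appid: "app-a", ownerUid: "alice" },
  { appid: "app-b", ownerUid: "bob" },
];
// Constructed log lines; the first shows the kind of secret that leaks.
const LOGS: Record<string, string> = {
  "app-a-7d9f": "[info] DB_PASSWORD=hunter2 loaded",
  "app-b-c4e1": "[info] listening on :8080",
};

// Stand-in for the Kubernetes read-namespaced-pod-log call.
function k8sReadPodLog(namespace: string, podName: string): string {
  const pod = PODS.find(p => p.namespace === namespace && p.name === podName);
  if (!pod) throw new Error("pod not found");
  return LOGS[podName];
}

// Vulnerable shape: the caller is authenticated but never related to the pod,
// so any user can read the logs of any pod in the namespace.
function getPodLogsVulnerable(_user: User, namespace: string, podName: string): string {
  return k8sReadPodLog(namespace, podName);
}

// Hardened shape: resolve the pod to an app via its label, require that the
// caller owns that app, and only then proxy the log read. Unknown pods and
// pods owned by someone else fail the same way, so the check leaks nothing.
function getPodLogsChecked(user: User, namespace: string, podName: string): string {
  const pod = PODS.find(p => p.namespace === namespace && p.name === podName);
  const app = pod && APPS.find(a => a.appid === pod.labels["appid"]);
  if (!app || app.ownerUid !== user.uid) {
    throw new Error("forbidden: pod is not owned by the caller");
  }
  return k8sReadPodLog(namespace, podName);
}
```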

Exploit

Information Disclosure

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2023-50253
GHSA-G9C8-WH35-G75F

Affected Products

Laf