CVE-2023-50424

Published
View on NVD ↗
CVSS v3
9.1
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT

Description

SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

SAP/cloud-security-client-go
SAP/cloud-security-client-go
Client Library in GoLang for application developers requiring authentication and authorization information in their application. The library is used to obtain token information like user name, user attributes and audiences.
GitHubGitHub
13