GMS-2023-6059: Improper Privilege Management in github.com/sap/cloud-security-client-go

December 13, 2023 (updated December 18, 2023)

Impact

SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Patches

Upgrade to patched version >= 0.17.0 We always recommend to upgrade to the latest released version.

Workarounds

No workarounds

References

https://www.cve.org/CVERecord?id=CVE-2023-50424

References

github.com/SAP/cloud-security-client-go/commit/2e3bd63e152e09f267316a1071034eb5d4b7f498
github.com/SAP/cloud-security-client-go/security/advisories/GHSA-m8rw-rcpq-2vp2
github.com/advisories/GHSA-m8rw-rcpq-2vp2

Detect and mitigate GMS-2023-6059 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →