### Impact
SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

### Patches
Upgrade to patched version >= 0.17.0
We always recommend to upgrade to the latest released version.

### Workarounds
No workarounds

### References
https://www.cve.org/CVERecord?id=CVE-2023-50424

Affected Packages

Go github.com/sap/cloud-security-client-go

Affected versions: 0 (fixed in 0.17.0)

Related CVEs

CVE-2023-50424

Key Information

GHSA ID

GHSA-m8rw-rcpq-2vp2

Published

December 13, 2023 1:34 PM

Last Modified

September 30, 2024 7:44 PM

CVSS Score

9.0 /10

Primary Ecosystem

Primary Package

github.com/sap/cloud-security-client-go

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.