Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03NGo4LXc3ZjktcHA2Ms4AA0KE

Improper configuration of RBAC permissions obtaining cluster control permissions

Summary

Improper configuration of RBAC permissions made it possible to obtain cluster control permissions, which could be used to control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster.

Details

Details have not been published.

PoC

Details have not been published.

Impact

Permalink: https://github.com/advisories/GHSA-74j8-w7f9-pp62
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NGo4LXc3ZjktcHA2Ms4AA0KE
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 11 months ago
Updated: 6 months ago


CVSS Score: 10.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Identifiers: GHSA-74j8-w7f9-pp62, CVE-2023-33190
References: Repository: https://github.com/labring/sealos
Blast Radius: 13.4

Affected Packages

go:github.com/labring/sealos
Dependent packages: 8
Dependent repositories: 22
Affected Version Ranges: < 4.2.1-rc4
Fixed in: 4.2.1-rc4
All affected versions: 1.13.0, 1.13.2, 1.14.0, 2.0.3