Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12cHhmLXE0NGctdzM0d84AA0KL

Sealos billing system permission control defect

Summary

There is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account. sealos. io/v1/Payment, resulting in the ability to recharge any amount of 1 RMB.

Details

The reason is that sealos is in arrears. Egg pain, we can't create a terminal anymore. Let's charge for it:

Then it was discovered that the charging interface had returned all resource information. Unfortunately, based on previous vulnerability experience, the namespace of this custom resource is still under the current user's control and may have permission to correct it.

PoC

disable by publish

Impact

Permalink: https://github.com/advisories/GHSA-vpxf-q44g-w34w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cHhmLXE0NGctdzM0d84AA0KL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 10 months ago
Updated: 5 months ago


CVSS Score: 7.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Identifiers: GHSA-vpxf-q44g-w34w, CVE-2023-36815
References: Repository: https://github.com/labring/sealos
Blast Radius: 9.8

Affected Packages

go:github.com/labring/sealos
Dependent packages: 8
Dependent repositories: 22
Downloads:
Affected Version Ranges: <= 4.2.0
No known fixed version
All affected versions: 1.13.0, 1.13.2, 1.14.0, 2.0.3