Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12cHhmLXE0NGctdzM0d84AA0KL
Sealos billing system permission control defect
Summary
There is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account. sealos. io/v1/Payment, resulting in the ability to recharge any amount of 1 RMB.
Details
The reason is that sealos is in arrears. Egg pain, we can't create a terminal anymore. Let's charge for it:
Then it was discovered that the charging interface had returned all resource information. Unfortunately, based on previous vulnerability experience, the namespace of this custom resource is still under the current user's control and may have permission to correct it.
PoC
disable by publish
Impact
- sealos public cloud user
- CWE-287 Improper Authentication
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cHhmLXE0NGctdzM0d84AA0KL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 11 months ago
Updated: 6 months ago
CVSS Score: 7.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Identifiers: GHSA-vpxf-q44g-w34w, CVE-2023-36815
References:
- https://github.com/labring/sealos/security/advisories/GHSA-vpxf-q44g-w34w
- https://nvd.nist.gov/vuln/detail/CVE-2023-36815
- https://github.com/advisories/GHSA-vpxf-q44g-w34w
Blast Radius: 9.8
Affected Packages
go:github.com/labring/sealos
Dependent packages: 8Dependent repositories: 22
Downloads:
Affected Version Ranges: <= 4.2.0
No known fixed version
All affected versions: 1.13.0, 1.13.2, 1.14.0, 2.0.3