GitHub Advisory DatabaseGHSA-VPXF-Q44G-W34WSealos billing system permission control defect
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
0.0005 Low
EPSS
Percentile
18.3%
Summary
There is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account. sealos. io/v1/Payment, resulting in the ability to recharge any amount of 1 RMB.
Details
The reason is that sealos is in arrears. Egg pain, we can’t create a terminal anymore. Let’s charge for it:
Then it was discovered that the charging interface had returned all resource information. Unfortunately, based on previous vulnerability experience, the namespace of this custom resource is still under the current user’s control and may have permission to correct it.
PoC
disable by publish
Impact
- sealos public cloud user
- CWE-287 Improper Authentication
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/labring/sealos | le | 4.2.0 |
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
0.0005 Low
EPSS
Percentile
18.3%