Lucene search

GoogleOSV:GHSA-VPXF-Q44G-W34W

HistoryJun 30, 2023 - 8:36 p.m.

Sealos billing system permission control defect

2023-06-3020:36:55

Google

osv.dev

sealos

billing system

permission control

recharge

resource account

authentication

vulnerability

namespace

poc

impact

public cloud

software

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

24.1%

JSON

Summary

There is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account. sealos. io/v1/Payment, resulting in the ability to recharge any amount of 1 RMB.

Details

The reason is that sealos is in arrears. Egg pain, we can’t create a terminal anymore. Let’s charge for it:

Then it was discovered that the charging interface had returned all resource information. Unfortunately, based on previous vulnerability experience, the namespace of this custom resource is still under the current user’s control and may have permission to correct it.

PoC

disable by publish

Impact

sealos public cloud user
CWE-287 Improper Authentication

References

github.com/labring/sealos

github.com/labring/sealos/security/advisories/GHSA-vpxf-q44g-w34w

nvd.nist.gov/vuln/detail/CVE-2023-36815

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

24.1%

JSON

Related for OSV:GHSA-VPXF-Q44G-W34W