CVE-2023-36815

Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account sealos. io/v1/Payment, resulting in the ability to recharge any amou...

CVE-2023-36815 Sealos billing system permission control defect

Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account sealos. io/v1/Payment, resulting in the ability to recharge any amou...

CVE-2023-36815

Sealos (Cloud Operating System) up to version 4.2.0 contains a permission flaw in the billing system that lets a user control the recharge resource account sealos.io/v1/Payment, enabling recharging any amount (1 RMB) and potentially exposing resource information. The vulnerability arises from imp...

GHSA-VPXF-Q44G-W34W Sealos billing system permission control defect

Summary There is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account. sealos. io/v1/Payment, resulting in the ability to recharge any amount of 1 RMB. Details The reason is that sealos is in arrears. Egg pain, we can't create a terminal...