24 matches found
EUVD-2023-1718
Malicious code in bioql PyPI...
CVE-2023-36815
Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account sealos. io/v1/Payment, resulting in the ability to recharge any amou...
CVE-2023-33190
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control RBAC permissions resulted in an attacker being able to obtain cluster control permissions, which could contr...
Missing Authorization
github.com/labring/sealos is vulnerable to Missing Authorization. The vulnerability exists due to the permission flaw in the Sealos billing system, which allows attackers to control the recharge resource account and recharge any amount of 1 RMB through the io/v1/Payment endpoint...
Improper Authentication
github.com/labring/sealos is vulnerable to Improper Authentication. The vulnerability exists due to Improper configuration in RBAC permissions, which allows an attacker to gain access and perform unauthorized actions...
Code injection
Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account sealos. io/v1/Payment, resulting in the ability to recharge any amou...
CVE-2023-36815 Sealos billing system permission control defect
Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account sealos. io/v1/Payment, resulting in the ability to recharge any amou...
CVE-2023-36815 Sealos billing system permission control defect
Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account sealos. io/v1/Payment, resulting in the ability to recharge any amou...
CVE-2023-36815
Sealos (Cloud Operating System) up to version 4.2.0 contains a permission flaw in the billing system that lets a user control the recharge resource account sealos.io/v1/Payment, enabling recharging any amount (1 RMB) and potentially exposing resource information. The vulnerability arises from imp...
CVE-2023-36815 Sealos billing system permission control defect
Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account sealos. io/v1/Payment, resulting in the ability to recharge any amou...
Sealos 安全漏洞
Sealos is a cloud operating system designed for managing cloud-native applications. A security vulnerability exists in Sealos 4.2.0 and prior versions that stems from a privilege flaw where the billing interface can expose resource information...
GHSA-VPXF-Q44G-W34W Sealos billing system permission control defect
Summary There is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account. sealos. io/v1/Payment, resulting in the ability to recharge any amount of 1 RMB. Details The reason is that sealos is in arrears. Egg pain, we can't create a terminal...
Sealos billing system permission control defect
Summary There is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account. sealos. io/v1/Payment, resulting in the ability to recharge any amount of 1 RMB. Details The reason is that sealos is in arrears. Egg pain, we can't create a terminal...
Improper configuration of RBAC permissions obtaining cluster control permissions
Summary Improper configuration of RBAC permissions resulted in obtaining cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. Details detail's is disable by publish. PoC detail's is disable by...
GHSA-74J8-W7F9-PP62 Improper configuration of RBAC permissions obtaining cluster control permissions
Summary Improper configuration of RBAC permissions resulted in obtaining cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. Details detail's is disable by publish. PoC detail's is disable by...
PT-2023-25706 · Sealos · Sealos
Name of the Vulnerable Software and Affected Versions: Sealos versions 4.2.0 and prior Description: Sealos, a Cloud Operating System for managing cloud-native applications, has a permission flaw in its billing system. This flaw allows users to control the recharge resource account via the...
CVE-2023-33190
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control RBAC permissions resulted in an attacker being able to obtain cluster control permissions, which could contr...
Design/Logic Flaw
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control RBAC permissions resulted in an attacker being able to obtain cluster control permissions, which could contr...
CVE-2023-33190 Improperly configured permissions in Sealos
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control RBAC permissions resulted in an attacker being able to obtain cluster control permissions, which could contr...
CVE-2023-33190
CVE-2023-33190 affects Sealos, an open source cloud operating system for Kubernetes. The issue is an improper RBAC permissions configuration in Sealos versions prior to 4.2.1-rc4, enabling an attacker to obtain cluster control permissions and potentially manage the entire cluster, including pods ...