Lucene search
Veracode Vulnerability DatabaseVERACODE:41162HistoryJul 10, 2023 - 2:32 a.m.
Missing Authorization
2023-07-1002:32:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
github
labring
sealos
authorization
permission
billing system
vulnerability
recharge resource
attack
endpoint
payment
software
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
24.1%
github.com/labring/sealos is vulnerable to Missing Authorization. The vulnerability exists due to the permission flaw in the Sealos billing system, which allows attackers to control the recharge resource account and recharge any amount of 1 RMB through the io/v1/Payment endpoint.
Related
github
github
Sealos billing system permission control defect
2023-06-30 20:36:55
cvelist
cvelist
CVE-2023-36815 Sealos billing system permission control defect
2023-07-03 17:44:28
osv
osv
Sealos billing system permission control defect
2023-06-30 20:36:55
cve
cve
CVE-2023-36815
2023-07-03 18:15:09
prion
prion
Code injection
2023-07-03 18:15:00
nvd
nvd
CVE-2023-36815
2023-07-03 18:15:09
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
24.1%
Related for VERACODE:41162